author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /pki/base/common/src/com/netscape/cms/profile/def | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/def')
43 files changed, 0 insertions, 13583 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
deleted file mode 100644
index 4e4f951f7..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ /dev/null
@@ -1,454 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.extensions.AccessDescription; -import netscape.security.extensions.AuthInfoAccessExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Authuority Info Access extension. 
- * - * @version $Revision$, $Date$ - */ -public class AuthInfoAccessExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "authInfoAccessCritical"; - public static final String CONFIG_NUM_ADS = "authInfoAccessNumADs"; - public static final String CONFIG_AD_ENABLE = "authInfoAccessADEnable_"; - public static final String CONFIG_AD_METHOD = "authInfoAccessADMethod_"; - public static final String CONFIG_AD_LOCATIONTYPE = "authInfoAccessADLocationType_"; - public static final String CONFIG_AD_LOCATION = "authInfoAccessADLocation_"; - - public static final String VAL_CRITICAL = "authInfoAccessCritical"; - public static final String VAL_GENERAL_NAMES = "authInfoAccessGeneralNames"; - - private static final String AD_METHOD = "Method"; - private static final String AD_LOCATION_TYPE = "Location Type"; - private static final String AD_LOCATION = "Location"; - private static final String AD_ENABLE = "Enable"; - - private static final int DEF_NUM_AD = 1; - private static final int MAX_NUM_AD = 100; - - public AuthInfoAccessExtDefault() { - super(); - } - - protected int getNumAds() { - int num = DEF_NUM_AD; - String numAds = getConfig(CONFIG_NUM_ADS); - - if (numAds != null) { - try { - num = Integer.parseInt(numAds); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num > MAX_NUM_AD) { - num = DEF_NUM_AD; - } - - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } - 
super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - mConfigNames.removeAllElements(); - addValueName(VAL_CRITICAL); - addValueName(VAL_GENERAL_NAMES); - - // register configuration names bases on num ads - addConfigName(CONFIG_CRITICAL); - int num = getNumAds(); - - addConfigName(CONFIG_NUM_ADS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_AD_METHOD + i); - addConfigName(CONFIG_AD_LOCATIONTYPE + i); - addConfigName(CONFIG_AD_LOCATION + i); - addConfigName(CONFIG_AD_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); - } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); - } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); - } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { 
- return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - AuthInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - boolean critical = ext.isCritical(); - - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - ext = new AuthInfoAccessExtension(critical); - String method = null; - String locationType = null; - String location = null; - String enable = null; - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(AD_METHOD)) { - method = nvps.get(name1); - } else if (name1.equals(AD_LOCATION_TYPE)) { - locationType = nvps.get(name1); - } else if (name1.equals(AD_LOCATION)) { - location = nvps.get(name1); - } else if (name1.equals(AD_ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - GeneralName gn = null; - - if 
(locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); - if (interface1 == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); - gn = new GeneralName(interface1); - } - - if (method != null) { - try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); - } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: " + ee.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_AIA_OID", method)); - } - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (IOException e) { - CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - AuthInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - 
return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - int num = getNumAds(); - - CMS.debug("AuthInfoAccess num=" + num); - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < num; i++) { - NameValuePairs np = new NameValuePairs(); - AccessDescription des = null; - - if (i < ext.numberOfAccessDescription()) { - des = ext.getAccessDescription(i); - } - if (des == null) { - np.put(AD_METHOD, ""); - np.put(AD_LOCATION_TYPE, ""); - np.put(AD_LOCATION, ""); - np.put(AD_ENABLE, "false"); - } else { - ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); - - np.put(AD_METHOD, methodOid.toString()); - np.put(AD_LOCATION_TYPE, getGeneralNameType(gn)); - np.put(AD_LOCATION, getGeneralNameValue(gn)); - np.put(AD_ENABLE, "true"); - } - recs.addElement(np); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer ads = new StringBuffer(); - int num = getNumAds(); - - for (int i = 0; i < num; i++) { - ads.append("Record #"); - ads.append(i); - ads.append("{"); - ads.append(AD_METHOD + ":"); - ads.append(getConfig(CONFIG_AD_METHOD + i)); - ads.append(","); - ads.append(AD_LOCATION_TYPE + ":"); - ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i)); - ads.append(","); - ads.append(AD_LOCATION + ":"); - ads.append(getConfig(CONFIG_AD_LOCATION + i)); - ads.append(","); - ads.append(AD_ENABLE + ":"); - ads.append(getConfig(CONFIG_AD_ENABLE + i)); - ads.append("}"); - } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", - getConfig(CONFIG_CRITICAL), ads.toString()); - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - AuthInfoAccessExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; - int num = getNumAds(); - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - ext = new AuthInfoAccessExtension(critical); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_AD_ENABLE + i); - if (enable != null && enable.equals("true")) { - CMS.debug("AuthInfoAccess: createExtension i=" + i); - String method = getConfig(CONFIG_AD_METHOD + i); - String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i); - if (locationType == null || locationType.length() == 0) - locationType = "URIName"; - String location = getConfig(CONFIG_AD_LOCATION + i); - - if (location == null || location.equals("")) { - if (method.equals("1.3.6.1.5.5.7.48.1")) { - String hostname = CMS.getEENonSSLHost(); - String port = CMS.getEENonSSLPort(); - if (hostname != null && port != null) - // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://" + hostname + ":" + port + "/ca/ocsp"; - } - } - - String s = locationType + ":" + location; - GeneralNameInterface gn = parseGeneralName(s); - if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); - } - } - } - } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java deleted file mode 100644 index 6c0f6e9fc..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ /dev/null 
@@ -1,152 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileAuthenticator; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy that - * populates subject name based on the attribute values - * in the authentication token (AuthToken) object. 
- * - * @version $Revision$, $Date$ - */ -public class AuthTokenSubjectNameDefault extends EnrollDefault { - - public static final String VAL_NAME = "name"; - - public AuthTokenSubjectNameDefault() { - super(); - addValueName(VAL_NAME); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - CMS.debug("AuthTokenSubjectNameDefault: begins"); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); - } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); - // failed to build x500 name - } - CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); - } - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) - throw new EPropertyException("Invalid name " + name); - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - return sn.toString(); - } catch 
(Exception e) { - // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " + - e.toString()); - } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - - // authenticate the subject name and populate it - // to the certinfo - try { - X500Name name = new X500Name( - request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME)); - - CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString()); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java deleted file mode 100644 index 6ec75990c..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ /dev/null 
@@ -1,190 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.AuthorityKeyIdentifierExtension; -import netscape.security.x509.KeyIdentifier; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Authority Key Identifier extension - * into the certificate template. 
- * - * @version $Revision$, $Date$ - */ -public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { - - public static final String VAL_CRITICAL = "critical"; - public static final String VAL_KEY_ID = "keyid"; - - public AuthorityKeyIdentifierExtDefault() { - super(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_KEY_ID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_ID")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - // do nothing for read only value - } else if (name.equals(VAL_KEY_ID)) { - // do nothing for read only value - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthorityKeyIdentifierExtension ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, 
"CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_KEY_ID)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - // do something here - return ""; - } - KeyIdentifier kid = null; - - try { - kid = (KeyIdentifier) - ext.get(AuthorityKeyIdentifierExtension.KEY_ID); - } catch (IOException e) { - // - CMS.debug(e.toString()); - } - if (kid == null) - return ""; - return toHexString(kid.getIdentifier()); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AKI_EXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - AuthorityKeyIdentifierExtension ext = createExtension(info); - - addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); - } - - public AuthorityKeyIdentifierExtension createExtension(X509CertInfo info) { - KeyIdentifier kid = null; - String localKey = getConfig("localKey"); - if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); - } else { - kid = getCAKeyIdentifier(); - } - - if (kid == null) - return null; - AuthorityKeyIdentifierExtension ext = null; - - try { - ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); - } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + - e.toString()); - } - return ext; - } -} 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
deleted file mode 100644
index 043cf029b..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ /dev/null
@@ -1,96 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that automatically assign request to agent. 
- * - * @version $Revision$, $Date$ - */ -public class AutoAssignDefault extends EnrollDefault { - - public static final String CONFIG_ASSIGN_TO = "assignTo"; - - public AutoAssignDefault() { - super(); - addConfigName(CONFIG_ASSIGN_TO); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, - null, "admin", CMS.getUserMessage(locale, - "CMS_PROFILE_AUTO_ASSIGN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - return null; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - return null; - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - try { - request.setRequestOwner( - mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AutoAssignDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java deleted file mode 100644 index c442bf576..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ /dev/null 
@@ -1,297 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Basic Constraint extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class BasicConstraintsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = "basicConstraintsIsCA"; - public static final String CONFIG_PATH_LEN = "basicConstraintsPathLen"; - - public static final String VAL_CRITICAL = "basicConstraintsCritical"; - public static final String VAL_IS_CA = "basicConstraintsIsCA"; - public static final String VAL_PATH_LEN = "basicConstraintsPathLen"; - - public BasicConstraintsExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_IS_CA); - addValueName(VAL_PATH_LEN); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_IS_CA); - addConfigName(CONFIG_PATH_LEN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); - } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", - CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); - } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", - CMS.getUserMessage(locale, 
"CMS_PROFILE_PATH_LEN")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - BasicConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { - return; - } - Boolean isCA = Boolean.valueOf(value); - - ext.set(BasicConstraintsExtension.IS_CA, isCA); - } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - Integer pathLen = Integer.valueOf(value); - - ext.set(BasicConstraintsExtension.PATH_LEN, pathLen); - } else { - throw new EPropertyException("Invalid name " + name); - } - replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { - CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == 
null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - - return isCA.toString(); - } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - Integer pathLen = (Integer) - ext.get(BasicConstraintsExtension.PATH_LEN); - - String pLen = null; - - pLen = pathLen.toString(); - if (pLen.equals("-2")) { - //This is done for bug 621700. Profile constraints actually checks for -1 - //The low level security class for some reason sets this to -2 - //This will allow the request to be approved successfuly by the agent. 
- - pLen = "-1"; - - } - - CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - - return pLen; - - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), - getConfig(CONFIG_PATH_LEN) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - BasicConstraintsExtension ext = createExtension(); - - addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, - info); - } - - public BasicConstraintsExtension createExtension() { - BasicConstraintsExtension ext = null; - - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); - boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue(); - String pathLenStr = getConfig(CONFIG_PATH_LEN); - - int pathLen = -2; - - if (!pathLenStr.equals("")) { - - pathLen = Integer.valueOf(pathLenStr).intValue(); - } - - try { - ext = new BasicConstraintsExtension(isCA, critical, pathLen); - } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " + - e.toString()); - return null; - } - ext.setCritical(critical); - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java deleted file mode 100644 index 872e32960..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ /dev/null 
@@ -1,106 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
-/**
- * This class implements an abstract CA specific
- * Enrollment default. This policy can only be
- * used with CA subsystem.
- *
- * @version $Revision$, $Date$
- */
-public abstract class CAEnrollDefault extends EnrollDefault {
- public CAEnrollDefault() {
- }
-
- public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
- try {
- CertificateX509Key ckey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
- X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
- MessageDigest md = MessageDigest.getInstance("SHA-1");
-
- md.update(key.getKey());
- byte[] hash = md.digest();
-
- return new KeyIdentifier(hash);
- } catch (IOException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
- } catch (CertificateException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
- } catch (NoSuchAlgorithmException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
- }
- return null;
- }
-
- public KeyIdentifier getCAKeyIdentifier() {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- X509CertImpl caCert = ca.getCACert();
- if (caCert == null) {
- // during configuration, we dont have the CA certificate
- return null;
- }
- X509Key key = (X509Key) caCert.getPublicKey();
-
- SubjectKeyIdentifierExtension subjKeyIdExt =
- (SubjectKeyIdentifierExtension)
- caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
- if (subjKeyIdExt != null) {
- try {
- KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
- SubjectKeyIdentifierExtension.KEY_ID);
- return keyId;
- } catch (IOException e) {
- }
- }
-
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
-
- md.update(key.getKey());
- byte[] hash = md.digest();
-
- return new KeyIdentifier(hash);
- } catch (NoSuchAlgorithmException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
- }
- return null;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
deleted file mode 100644
index e3b834ce5..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ /dev/null
@@ -1,348 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements a CA signing cert enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- * It allows an agent to bypass the CA's signing cert's expiration constraint - */ -public class CAValidityDefault extends EnrollDefault { - public static final String CONFIG_RANGE = "range"; - public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; - - public static final String VAL_NOT_BEFORE = "notBefore"; - public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; - - public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; - - private long mDefault = 86400000; // 1 days - public ICertificateAuthority mCA = null; - - public CAValidityDefault() { - super(); - addConfigName(CONFIG_RANGE); - addConfigName(CONFIG_START_TIME); - addConfigName(CONFIG_BYPASS_CA_NOTAFTER); - - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - addValueName(VAL_BYPASS_CA_NOTAFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", /* 8 years */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); - } else if (name.equals(CONFIG_START_TIME)) { - return new 
Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); - } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); - - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - CMS.debug("CAValidityDefault: setValue name= " + name); - - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = 
- new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, - date); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity); - - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); - return; - } - try { - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - if (isCA.booleanValue() != true) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); - return; - } - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString()); - return; - } - - CertificateValidity validity = null; - Date notAfter = null; - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - // not to exceed CA's expiration - Date caNotAfter = - mCA.getSigningUnit().getCertImpl().getNotAfter(); - - if (notAfter.after(caNotAfter)) { - if (bypassCAvalidity == false) { - notAfter = caNotAfter; - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity off. 
reset notAfter to caNotAfter. reset "); - } else { - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity on. notAfter is after caNotAfter. no reset"); - } - } - try { - validity.set(CertificateValidity.NOT_AFTER, - notAfter); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - - CMS.debug("CAValidityDefault: getValue: name= " + name); - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); - } catch (Exception e) { - CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); - } catch (Exception e) { - CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return "false"; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - public String 
getText(Locale locale) { - String params[] = { - getConfig(CONFIG_RANGE), - getConfig(CONFIG_BYPASS_CA_NOTAFTER) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - - // always + 60 seconds - String startTimeStr = getConfig(CONFIG_START_TIME); - try { - startTimeStr = mapPattern(request, startTimeStr); - } catch (IOException e) { - CMS.debug("CAValidityDefault: populate " + e.toString()); - } - - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); - long notAfterVal = 0; - - try { - String rangeStr = getConfig(CONFIG_RANGE); - rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); - } catch (Exception e) { - // configured value is not correct - CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - Date notAfter = new Date(notAfterVal); - - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); - - try { - info.set(X509CertInfo.VALIDITY, validity); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java deleted file mode 100644 index d1def3d5d..000000000 
--- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ /dev/null
@@ -1,696 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.util.BitArray; -import netscape.security.x509.CRLDistributionPoint; -import netscape.security.x509.CRLDistributionPointsExtension; -import netscape.security.x509.CRLDistributionPointsExtension.Reason; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.GeneralNamesException; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.RDN; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an 
enrollment default policy - * that populates a CRL Distribution points extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class CRLDistributionPointsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "crlDistPointsCritical"; - public static final String CONFIG_NUM_POINTS = "crlDistPointsNum"; - public static final String CONFIG_POINT_TYPE = "crlDistPointsPointType_"; - public static final String CONFIG_POINT_NAME = "crlDistPointsPointName_"; - public static final String CONFIG_REASONS = "crlDistPointsReasons_"; - public static final String CONFIG_ISSUER_TYPE = "crlDistPointsIssuerType_"; - public static final String CONFIG_ISSUER_NAME = "crlDistPointsIssuerName_"; - public static final String CONFIG_ENABLE = "crlDistPointsEnable_"; - - public static final String VAL_CRITICAL = "crlDistPointsCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = "crlDistPointsValue"; - - private static final String REASONS = "Reasons"; - private static final String POINT_TYPE = "Point Type"; - private static final String POINT_NAME = "Point Name"; - private static final String ISSUER_TYPE = "Issuer Type"; - private static final String ISSUER_NAME = "Issuer Name"; - private static final String ENABLE = "Enable"; - - private static final String RELATIVETOISSUER = "RelativeToIssuer"; - - private static final int DEF_NUM_POINTS = 1; - private static final int MAX_NUM_POINTS = 100; - - public CRLDistributionPointsExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", 
CONFIG_NUM_POINTS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_CRL_DISTRIBUTION_POINTS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPoints(); - - addConfigName(CONFIG_NUM_POINTS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_POINT_TYPE + i); - addConfigName(CONFIG_POINT_NAME + i); - addConfigName(CONFIG_REASONS + i); - addConfigName(CONFIG_ISSUER_TYPE + i); - addConfigName(CONFIG_ISSUER_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } - } - - protected int getNumPoints() { - int num = DEF_NUM_POINTS; - String val = getConfig(CONFIG_NUM_POINTS); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_POINTS) - num = DEF_NUM_POINTS; - - return num; - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); - } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); - } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); - } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - 
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); - } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); - - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - CRLDistributionPointsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - populate(locale, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - return; - } - 
Vector<NameValuePairs> v = parseRecords(value);
- int size = v.size();
-
- boolean critical = ext.isCritical();
- int i = 0;
-
- for (; i < size; i++) {
- NameValuePairs nvps = v.elementAt(i);
- String pointType = null;
- String pointValue = null;
- String issuerType = null;
- String issuerValue = null;
- String enable = null;
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- for (String name1 : nvps.keySet()) {
-
- if (name1.equals(REASONS)) {
- addReasons(locale, cdp, REASONS, nvps.get(name1));
- } else if (name1.equals(POINT_TYPE)) {
- pointType = nvps.get(name1);
- } else if (name1.equals(POINT_NAME)) {
- pointValue = nvps.get(name1);
- } else if (name1.equals(ISSUER_TYPE)) {
- issuerType = nvps.get(name1);
- } else if (name1.equals(ISSUER_NAME)) {
- issuerValue = nvps.get(name1);
- } else if (name1.equals(ENABLE)) {
- enable = nvps.get(name1);
- }
- }
-
- if (enable != null && enable.equals("true")) {
- if (pointType != null)
- addCRLPoint(locale, cdp, pointType, pointValue);
- if (issuerType != null)
- addIssuer(locale, cdp, issuerType, issuerValue);
-
- // this is the first distribution point
- if (i == 0) {
- ext = new CRLDistributionPointsExtension(cdp);
- ext.setCritical(critical);
- } else {
- ext.addPoint(cdp);
- }
- }
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
- } catch (EProfileException e) {
- CMS.debug("CRLDistributionPointsExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
- try {
- if (value == null || value.length() == 0)
- return;
-
- if (type.equals(RELATIVETOISSUER)) {
- cdp.setRelativeName(new RDN(value));
- } else if (isGeneralNameType(type)) {
- GeneralNames gen
= new GeneralNames();
- gen.addElement(parseGeneralName(type, value));
- cdp.setFullName(gen);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- }
- } catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- } catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- }
- }
-
- private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
- if (value == null || value.length() == 0)
- return;
- try {
- if (isGeneralNameType(type)) {
- GeneralNames gen = new GeneralNames();
-
- gen.addElement(parseGeneralName(type, value));
- cdp.setCRLIssuer(gen);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- }
- } catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
- } catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
- }
- }
-
- private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
- if (value == null || value.length() == 0)
- return;
- if (type.equals(REASONS)) {
- if (value != null && !value.equals("")) {
- StringTokenizer st = new StringTokenizer(value, ", \t");
- byte reasonBits = 0;
-
- while (st.hasMoreTokens()) {
- String s = st.nextToken();
- Reason r = Reason.fromString(s);
-
- if (r == null) {
- CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", s));
- } else {
- reasonBits |= r.getBitMask();
- }
- }
-
- if (reasonBits != 0) {
-
BitArray ba = new BitArray(8, new byte[] { reasonBits }
- );
-
- cdp.setReasons(ba);
- }
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CRLDistributionPointsExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
-
- if (ext == null) {
- try {
- populate(locale, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
-
- if (ext == null)
- return "";
-
- Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
- int num = getNumPoints();
-
- for (int i = 0; i < num; i++) {
- NameValuePairs pairs = null;
-
- if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
- GeneralNames gns = p.getFullName();
-
- pairs = buildGeneralNames(gns, p);
- recs.addElement(pairs);
- } else {
- pairs = buildEmptyGeneralNames();
- recs.addElement(pairs);
- }
- }
-
- return buildRecords(recs);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- protected NameValuePairs buildEmptyGeneralNames() {
- NameValuePairs pairs = new NameValuePairs();
-
- pairs.put(POINT_TYPE, "");
- pairs.put(POINT_NAME, "");
- pairs.put(REASONS, "");
- pairs.put(ISSUER_TYPE, "");
- pairs.put(ISSUER_NAME, "");
- pairs.put(ENABLE, "false");
- return pairs;
- }
-
- protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
-
- NameValuePairs pairs = new NameValuePairs();
-
- RDN rdn = null;
- boolean hasFullName = false;
-
- pairs.put(ENABLE, "true");
- if (gns == null) {
- rdn = p.getRelativeName();
- if (rdn != null) {
- hasFullName = true;
- pairs.put(POINT_TYPE, RELATIVETOISSUER);
- pairs.put(POINT_NAME, rdn.toString());
- } else {
- pairs.put(POINT_TYPE, "");
- pairs.put(POINT_NAME, "");
- }
- } else {
- GeneralName gn = (GeneralName) gns.elementAt(0);
-
- if (gn != null) {
- hasFullName = true;
-
- pairs.put(POINT_TYPE, getGeneralNameType(gn));
- pairs.put(POINT_NAME, getGeneralNameValue(gn));
- }
- }
-
- if (!hasFullName) {
- pairs.put(POINT_TYPE, GN_DIRECTORY_NAME);
- pairs.put(POINT_NAME, "");
- }
-
- BitArray reasons = p.getReasons();
- String s = convertBitArrayToReasonNames(reasons);
-
- if (s.length() > 0) {
- pairs.put(REASONS, s);
- } else {
- pairs.put(REASONS, "");
- }
-
- gns = p.getCRLIssuer();
-
- if (gns == null) {
- pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME);
- pairs.put(ISSUER_NAME, "");
- } else {
- GeneralName gn = (GeneralName) gns.elementAt(0);
-
- if (gn != null) {
- hasFullName = true;
-
- pairs.put(ISSUER_TYPE, getGeneralNameType(gn));
- pairs.put(ISSUER_NAME, getGeneralNameValue(gn));
- }
- }
- return pairs;
- }
-
- private String convertBitArrayToReasonNames(BitArray reasons) {
- StringBuffer sb = new StringBuffer();
-
- if (reasons != null) {
- byte[] b = reasons.toByteArray();
- Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-
- for (int i = 0; i < reasonArray.length; i++) {
- if (sb.length() > 0)
- sb.append(",");
- sb.append(reasonArray[i].getName());
- }
- }
-
- return sb.toString();
- }
-
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- int num =
getNumPoints();
-
- for (int i = 0; i < num; i++) {
- sb.append("Record #");
- sb.append(i);
- sb.append("{");
- sb.append(POINT_TYPE + ":");
- sb.append(getConfig(CONFIG_POINT_TYPE + i));
- sb.append(",");
- sb.append(POINT_NAME + ":");
- sb.append(getConfig(CONFIG_POINT_NAME + i));
- sb.append(",");
- sb.append(REASONS + ":");
- sb.append(getConfig(CONFIG_REASONS + i));
- sb.append(",");
- sb.append(ISSUER_TYPE + ":");
- sb.append(getConfig(CONFIG_ISSUER_TYPE + i));
- sb.append(",");
- sb.append(ISSUER_NAME + ":");
- sb.append(getConfig(CONFIG_ISSUER_NAME + i));
- sb.append(",");
- sb.append(ENABLE + ":");
- sb.append(getConfig(CONFIG_ENABLE + i));
- sb.append("}");
- }
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
- getConfig(CONFIG_CRITICAL),
- sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
- CRLDistributionPointsExtension ext = createExtension(locale);
-
- if (ext == null)
- return;
- addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- CRLDistributionPointsExtension ext = createExtension(request);
-
- if (ext == null)
- return;
- addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
- }
-
- public CRLDistributionPointsExtension createExtension(IRequest request) {
- CRLDistributionPointsExtension ext = null;
- int num = 0;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- num = getNumPoints();
- for (int i = 0; i < num; i++) {
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
- String pointName = getConfig(CONFIG_POINT_NAME + i);
- String reasons = getConfig(CONFIG_REASONS + i);
- String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
- String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
- if (enable != null && enable.equals("true")) {
- if (pointType != null)
- addCRLPoint(getLocale(request), cdp, pointType, pointName);
- if (issuerType != null)
- addIssuer(getLocale(request), cdp, issuerType, issuerName);
- if (reasons != null)
- addReasons(getLocale(request), cdp, REASONS, reasons);
-
- if (i == 0) {
- ext = new CRLDistributionPointsExtension(cdp);
- ext.setCritical(critical);
- } else {
- ext.addPoint(cdp);
- }
- }
- }
- } catch (Exception e) {
- CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
- CMS.debug(e);
- }
-
- return ext;
- }
-
- private CRLDistributionPointsExtension createExtension(Locale locale) {
- CRLDistributionPointsExtension ext = null;
- int num = 0;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- num = getNumPoints();
- for (int i = 0; i < num; i++) {
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
- String pointName = getConfig(CONFIG_POINT_NAME + i);
-
String reasons = getConfig(CONFIG_REASONS + i);
- String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
- String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
- if (enable != null && enable.equals("true")) {
- if (pointType != null)
- addCRLPoint(locale, cdp, pointType, pointName);
- if (issuerType != null)
- addIssuer(locale, cdp, issuerType, issuerName);
- addReasons(locale, cdp, REASONS, reasons);
-
- if (i == 0) {
- ext = new CRLDistributionPointsExtension(cdp);
- ext.setCritical(critical);
- } else {
- ext.addPoint(cdp);
- }
- }
- }
- } catch (Exception e) {
- CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
- CMS.debug(e);
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
deleted file mode 100644
index 8d4ae2288..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ /dev/null
@@ -1,796 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CPSuri;
-import netscape.security.x509.CertificatePoliciesExtension;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyInfo;
-import netscape.security.x509.DisplayText;
-import netscape.security.x509.NoticeReference;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyQualifiers;
-import netscape.security.x509.Qualifier;
-import netscape.security.x509.UserNotice;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import
com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class CertificatePoliciesExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "Critical";
- public static final String CONFIG_PREFIX = "PoliciesExt.certPolicy";
- public static final String CONFIG_PREFIX1 = "PolicyQualifiers";
- public static final String CONFIG_POLICY_ENABLE = "enable";
- public static final String CONFIG_POLICY_NUM = "PoliciesExt.num";
- public static final String CONFIG_POLICY_ID = "policyId";
- public static final String CONFIG_POLICY_QUALIFIERS_NUM = "PolicyQualifiers.num";
- public static final String CONFIG_CPSURI_ENABLE = "CPSURI.enable";
- public static final String CONFIG_USERNOTICE_ENABLE = "usernotice.enable";
- public static final String CONFIG_CPSURI_VALUE = "CPSURI.value";
- public static final String CONFIG_USERNOTICE_ORG = "usernotice.noticeReference.organization";
- public static final String CONFIG_USERNOTICE_NUMBERS = "usernotice.noticeReference.noticeNumbers";
- public static final String CONFIG_USERNOTICE_TEXT = "usernotice.explicitText.value";
-
- public static final String VAL_CRITICAL = "Critical";
- public static final String VAL_POLICY_QUALIFIERS = "policyQualifiers";
-
- private static final String SEPARATOR = ".";
- private static final int DEF_NUM_POLICIES = 5;
- private static final int DEF_NUM_QUALIFIERS = 1;
- private static final int MAX_NUM_POLICIES = 20;
- private static final String POLICY_ID_ENABLE = "Enable";
- private static final String POLICY_ID = "Policy Id";
- private static final String POLICY_QUALIFIER_CPSURI_ENABLE = "CPSuri Enable";
- private static final String POLICY_QUALIFIER_USERNOTICE_ENABLE = "UserNotice Enable";
- private static final String USERNOTICE_REF_ORG = "UserNoticeReference Organization";
- private static final String
USERNOTICE_REF_NUMBERS = "UserNoticeReference Numbers";
- private static final String USERNOTICE_EXPLICIT_TEXT = "UserNoticeReference Explicit Text";
- private static final String CPSURI = "CPS uri";
-
- public CertificatePoliciesExtDefault() {
- super();
- }
-
- protected int getNumPolicies() {
- int num = DEF_NUM_POLICIES;
- String numPolicies = getConfig(CONFIG_POLICY_NUM);
-
- if (numPolicies != null) {
- try {
- num = Integer.parseInt(numPolicies);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
-
- if (num >= MAX_NUM_POLICIES)
- num = DEF_NUM_POLICIES;
- return num;
- }
-
- protected int getNumQualifiers() {
- int num = DEF_NUM_QUALIFIERS;
- String numQualifiers = getConfig(CONFIG_POLICY_QUALIFIERS_NUM);
- if (numQualifiers != null) {
- try {
- num = Integer.parseInt(numQualifiers);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
- return num;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
-
- refreshConfigAndValueNames();
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(CONFIG_POLICY_NUM)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_POLICIES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void refreshConfigAndValueNames() {
-
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_POLICY_QUALIFIERS);
-
- addConfigName(CONFIG_CRITICAL);
- int num = getNumPolicies();
- int numQualifiers = getNumQualifiers();
-
- addConfigName(CONFIG_POLICY_NUM);
-
- for (int i = 0; i < num;
i++) {
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
- for (int j = 0; j < numQualifiers; j++) {
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
- addConfigName(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
- addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
- }
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
-
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
- } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
- } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
- } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE"));
- } else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale,
"CMS_PROFILE_POLICY_QUALIFIER_NUM"));
- } else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG"));
- } else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS"));
- } else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT"));
- } else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
- } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "5",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
- }
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
-
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS"));
- }
- return null;
- }
-
- private Hashtable<String, String> buildRecords(String value) throws EPropertyException {
- StringTokenizer st = new StringTokenizer(value, "\r\n");
- Hashtable<String, String> table = new Hashtable<String, String>();
- while (st.hasMoreTokens()) {
- String token = (String) st.nextToken();
- int index = token.indexOf(":");
- if (index <= 0)
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", token));
- String name = token.substring(0, index);
- String val = "";
- if ((token.length() - 1) > index) {
- val = token.substring(index + 1);
- }
- table.put(name,
val);
- }
-
- return table;
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- CertificatePoliciesExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_CRITICAL)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- ext.setCritical(val);
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
-
- Hashtable<String, String> h = buildRecords(value);
-
- String numStr = (String) h.get(CONFIG_POLICY_NUM);
- int size = Integer.parseInt(numStr);
-
- Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
- for (int i = 0; i < size; i++) {
- String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
- CertificatePolicyInfo cinfo = null;
- if (enable != null && enable.equals("true")) {
- String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
-
- if (policyId == null || policyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
- CertificatePolicyId cpolicyId = getPolicyId(policyId);
-
- String qualifersNum =
- (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
- PolicyQualifiers policyQualifiers = new PolicyQualifiers();
- int num = 0;
- if (qualifersNum != null && qualifersNum.length() > 0)
- num = Integer.parseInt(qualifersNum);
- for (int j = 0; j < num; j++) {
- String cpsuriEnable =
- (String) h.get(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
- String usernoticeEnable =
- (String) h
- .get(CONFIG_PREFIX
- + i +
SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
- + CONFIG_USERNOTICE_ENABLE);
- if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
- String cpsuri =
- (String) h.get(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
- if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
- } else if (usernoticeEnable != null && enable.equals("true")) {
- String org =
- (String) h.get(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
- + CONFIG_USERNOTICE_ORG);
- String noticenumbers =
- (String) h.get(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
- + CONFIG_USERNOTICE_NUMBERS);
- String explicitText =
- (String) h.get(CONFIG_PREFIX
- + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
- + CONFIG_USERNOTICE_TEXT);
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
- noticenumbers, explicitText);
- if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
- }
- }
-
- if (policyQualifiers.size() <= 0) {
- cinfo =
- new CertificatePolicyInfo(cpolicyId);
- } else {
- cinfo =
- new CertificatePolicyInfo(cpolicyId, policyQualifiers);
- }
- if (cinfo != null)
- certificatePolicies.addElement(cinfo);
- }
- }
-
- ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- ext, info);
- } catch (EProfileException e) {
- CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (IOException e) {
- CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
-
@SuppressWarnings("unchecked") - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CertificatePoliciesExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - - if (ext == null) - return ""; - - StringBuffer sb = new StringBuffer(); - int num_policies = getNumPolicies(); - sb.append(CONFIG_POLICY_NUM); - sb.append(":"); - sb.append(num_policies); - sb.append("\n"); - Vector<CertificatePolicyInfo> infos; - - try { - infos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS); - } catch (IOException ee) { - infos = null; - } - - for (int i = 0; i < num_policies; i++) { - int qSize = 0; - String policyId = ""; - String policyEnable = "false"; - PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = - infos.elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); - policyId = id1.getIdentifier().toString(); - policyEnable = "true"; - qualifiers = cinfo.getPolicyQualifiers(); - if (qualifiers != null) - qSize = qualifiers.size(); - infos.removeElementAt(0); - } - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); - sb.append(":"); - sb.append(policyEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - sb.append(":"); - sb.append(policyId); - sb.append("\n"); - - if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); - sb.append(":"); - 
sb.append(DEF_NUM_QUALIFIERS); - sb.append("\n"); - } else { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); - sb.append(":"); - sb.append(qSize); - sb.append("\n"); - } - if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); - sb.append(":"); - sb.append("false"); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - sb.append(":"); - sb.append("false"); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); - sb.append(":"); - sb.append(""); - sb.append("\n"); - } - - for (int j = 0; j < qSize; j++) { - netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); - ObjectIdentifier oid = qinfo.getId(); - Qualifier qualifier = qinfo.getQualifier(); - - String cpsuriEnable = "false"; - String usernoticeEnable = "false"; - String cpsuri = ""; - String org = ""; - StringBuffer noticeNum = new StringBuffer(); - String explicitText = ""; - - if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { - cpsuriEnable = "true"; - CPSuri content = (CPSuri) qualifier; - cpsuri = content.getURI(); - } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { - usernoticeEnable = "true"; - UserNotice content = (UserNotice) qualifier; - NoticeReference ref = content.getNoticeReference(); - if 
(ref != null) { - org = ref.getOrganization().getText(); - int[] nums = ref.getNumbers(); - for (int k = 0; k < nums.length; k++) { - if (k != 0) { - noticeNum.append(","); - noticeNum.append(nums[k]); - } else - noticeNum.append(nums[k]); - } - } - DisplayText displayText = content.getDisplayText(); - if (displayText != null) - explicitText = displayText.getText(); - } - - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - sb.append(":"); - sb.append(cpsuriEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); - sb.append(":"); - sb.append(cpsuri); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - sb.append(":"); - sb.append(usernoticeEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - sb.append(":"); - sb.append(org); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - sb.append(":"); - sb.append(noticeNum.toString()); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); - sb.append(":"); - sb.append(explicitText); - sb.append("\n"); - } - } // end of for loop - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPolicies(); - int num1 = getNumQualifiers(); - - try { - IConfigStore basesubstore = getConfigStore().getSubStore("params"); - sb.append("{"); - sb.append(CONFIG_POLICY_NUM + ":"); - sb.append(num); - sb.append(","); - for (int i = 0; i < num; i++) { - sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); - String enable = 
substore.getString(CONFIG_POLICY_ENABLE, ""); - sb.append(POLICY_ID_ENABLE + ":"); - sb.append(enable); - sb.append(","); - String policyId = substore.getString(CONFIG_POLICY_ID, ""); - sb.append(POLICY_ID + ":"); - sb.append(policyId); - sb.append(","); - String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); - sb.append(qualifiersNum); - sb.append(","); - for (int j = 0; j < num1; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); - sb.append("{"); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); - sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); - sb.append(cpsuriEnable); - sb.append(","); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); - sb.append(usernoticeEnable); - sb.append(","); - String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); - sb.append(USERNOTICE_REF_ORG + ":"); - sb.append(org); - sb.append(","); - String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, ""); - sb.append(USERNOTICE_REF_NUMBERS + ":"); - sb.append(refNums); - sb.append(","); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, ""); - sb.append(USERNOTICE_EXPLICIT_TEXT + ":"); - sb.append(explicitText); - sb.append(","); - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - sb.append(CPSURI + ":"); - sb.append(cpsuri); - sb.append("}"); - } - sb.append("}"); - } - sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } catch (Exception e) { - return ""; - } - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificatePoliciesExtension ext = createExtension(); - - if (ext == null) - return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); - } - - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>(); - int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num); - IConfigStore config = getConfigStore(); - - for (int i = 0; i < num; i++) { - IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); - String enable = substore.getString(CONFIG_POLICY_ENABLE); - - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable); - if (enable != null && enable.equals("true")) { - String policyId = substore.getString(CONFIG_POLICY_ID); - CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " - + i + " policyId=" + policyId); - int qualifierNum = getNumQualifiers(); - PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j = 0; j < qualifierNum; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); - - if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null 
&& - usernoticeEnable.equals("true")) { - - String org = substore1.getString(CONFIG_USERNOTICE_ORG); - String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } - } - - CertificatePolicyInfo info = null; - if (policyQualifiers.size() <= 0) { - info = - new CertificatePolicyInfo(cpolicyId); - } else { - info = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); - } - - if (info != null) - certificatePolicies.addElement(info); - } - } - - ext = new CertificatePoliciesExtension(critical, certificatePolicies); - } catch (EPropertyException e) { - throw new EProfileException(e.toString()); - } catch (EProfileException e) { - throw e; - } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " + - e.toString()); - } - - return ext; - } - - private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException { - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); - - CertificatePolicyId cpolicyId = null; - try { - cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); - return cpolicyId; - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); - } - } - - private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { - if (uri == null || uri.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); - - CPSuri cpsURI = new CPSuri(uri); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new 
netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, - cpsURI); - - return policyQualifierInfo2; - } - - private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, - String noticeText, String noticeNums) throws EPropertyException { - - if ((organization == null || organization.length() == 0) && - (noticeNums == null || noticeNums.length() == 0) && - (noticeText == null || noticeText.length() == 0)) - return null; - - DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) - explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); - - int nums[] = null; - if (noticeNums != null && noticeNums.length() > 0) { - Vector<String> numsVector = new Vector<String>(); - StringTokenizer tokens = new StringTokenizer(noticeNums, ";"); - while (tokens.hasMoreTokens()) { - String num = tokens.nextToken().trim(); - numsVector.addElement(num); - } - - nums = new int[numsVector.size()]; - try { - for (int i = 0; i < numsVector.size(); i++) { - Integer ii = new Integer((String) numsVector.elementAt(i)); - nums[i] = ii.intValue(); - } - } catch (Exception e) { - throw new EPropertyException("Wrong notice numbers"); - } - } - - DisplayText orgName = null; - if (organization != null && organization.length() > 0) { - orgName = - new DisplayText(DisplayText.tag_VisibleString, organization); - } - - NoticeReference noticeReference = null; - - if (orgName != null) - noticeReference = new NoticeReference(orgName, nums); - - UserNotice userNotice = null; - if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice(noticeReference, explicitText); - - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo( - netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); - return policyQualifierInfo1; - } - - return null; - } -} 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
deleted file mode 100644
index d30f971dd..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class CertificateVersionDefault extends EnrollExtDefault { - - public static final String CONFIG_VERSION = "certVersionNum"; - - public static final String VAL_VERSION = "certVersionNum"; - - public CertificateVersionDefault() { - super(); - addValueName(VAL_VERSION); - - addConfigName(CONFIG_VERSION); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); - } else { - return null; - } - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_VERSION)) { - if (value == null || value.equals("")) - throw new EPropertyException(name + " cannot be empty"); - else { - int version = Integer.valueOf(value).intValue() - 1; - - if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); - else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new 
CertificateVersion(CertificateVersion.V2)); - else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("CertificateVersionDefault: setValue " + e.toString()); - } catch (CertificateException e) { - CMS.debug("CertificateVersionDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - if (name.equals(VAL_VERSION)) { - CertificateVersion v = null; - try { - v = (CertificateVersion) info.get( - X509CertInfo.VERSION); - } catch (Exception e) { - } - - if (v == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - int version = v.compare(0); - - return "" + (version + 1); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_VERSION) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params); - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue() - 1; - - try { - if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); - else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); - else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - else { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } - } catch (IOException e) { - } catch (CertificateException e) { - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java deleted file mode 100644 index 67ebadbe4..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ /dev/null 
@@ -1,815 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.NoSuchElementException;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.extensions.KerberosName;
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.DNSName;
-import netscape.security.x509.EDIPartyName;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.IPAddressName;
-import netscape.security.x509.OIDName;
-import netscape.security.x509.OtherName;
-import netscape.security.x509.RFC822Name;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.pattern.Pattern; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ICertInfoPolicyDefault; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements an enrollment default policy. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { - - public static final String PROP_NAME = "name"; - - public static final String GN_RFC822_NAME = "RFC822Name"; - public static final String GN_DNS_NAME = "DNSName"; - public static final String GN_URI_NAME = "URIName"; - public static final String GN_IP_NAME = "IPAddressName"; - public static final String GN_DIRECTORY_NAME = "DirectoryName"; - public static final String GN_EDI_NAME = "EDIPartyName"; - public static final String GN_ANY_NAME = "OtherName"; - public static final String GN_OID_NAME = "OIDName"; - - protected IConfigStore mConfig = null; - protected Vector<String> mConfigNames = new Vector<String>(); - protected Vector<String> mValueNames = new Vector<String>(); - - public EnrollDefault() { - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void addConfigName(String name) { - mConfigNames.addElement(name); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (mConfig.getSubStore("params") == null) { - // - } else { 
- mConfig.getSubStore("params").putString(name, value); - } - } - - public String getConfig(String name) { - try { - if (mConfig == null) - return null; - if (mConfig.getSubStore("params") != null) { - return mConfig.getSubStore("params").getString(name); - } - } catch (EBaseException e) { - } - return ""; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - /** - * Retrieves the localizable description of this policy. - * - * @param locale locale of the end user - * @return localized description of this default policy - */ - public abstract String getText(Locale locale); - - public IConfigStore getConfigStore() { - return mConfig; - } - - public String getName(Locale locale) { - try { - return mConfig.getString(PROP_NAME); - } catch (EBaseException e) { - return null; - } - } - - /** - * Populates attributes into the certificate template. - * - * @param request enrollment request - * @param info certificate template - * @exception EProfileException failed to populate attributes - * into request - */ - public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; - - /** - * Sets values from the approval page into certificate template. - * - * @param name name of the attribute - * @param locale user locale - * @param info certificate template - * @param value attribute value - * @exception EProfileException failed to set attributes - * into request - */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException; - - /** - * Retrieves certificate template values and returns them to - * the approval page. 
- * - * @param name name of the attribute - * @param locale user locale - * @param info certificate template - * @exception EProfileException failed to get attributes - * from request - */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException; - - /** - * Populates the request with this policy default. - * - * The current implementation extracts enrollment specific attributes - * and calls the populate() method of the subclass. - * - * @param request request to be populated - * @exception EProfileException failed to populate - */ - public void populate(IRequest request) - throws EProfileException { - String name = getClass().getName(); - - name = name.substring(name.lastIndexOf('.') + 1); - CMS.debug(name + ": populate start"); - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - populate(request, info); - - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - CMS.debug(name + ": populate end"); - } - - public void addValueName(String name) { - mValueNames.addElement(name); - } - - public Enumeration<String> getValueNames() { - return mValueNames.elements(); - } - - public IDescriptor getValueDescriptor(String name) { - return null; - } - - /** - * Sets the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the setValue() method of the subclass. 
- * - * @param name name of property - * @param locale locale of the end user - * @param request request - * @param value value to be set in the given request - * @exception EPropertyException failed to set property - */ - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - setValue(name, locale, info, value); - - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the value of the given value - * property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the getValue() method of the subclass. - * - * @param name name of property - * @param locale locale of the end user - * @param request request - * @exception EPropertyException failed to get property - */ - public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - String value = getValue(name, locale, info); - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - return value; - } - - public String toHexString(byte data[]) { - IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - String s = pp.toHexString(data, 0, 16); - StringTokenizer st = new StringTokenizer(s, "\n"); - StringBuffer buffer = new StringBuffer(); - - while (st.hasMoreTokens()) { - buffer.append(st.nextToken()); - buffer.append("\\n"); - } - return buffer.toString(); - } - - protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); - } - - protected void deleteExtension(String name, X509CertInfo info) { - CertificateExtensions exts = null; - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - if (exts == null) - return; - Enumeration<String> e = exts.getNames(); - - while (e.hasMoreElements()) 
{ - String n = e.nextElement(); - Extension ext = (Extension) exts.get(n); - - if (ext.getExtensionId().toString().equals(name)) { - exts.delete(n); - } - } - } catch (Exception e) { - CMS.debug(e.toString()); - } - } - - protected Extension getExtension(String name, X509CertInfo info) { - CertificateExtensions exts = null; - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - } catch (Exception e) { - CMS.debug("EnrollDefault: getExtension " + e.toString()); - } - if (exts == null) - return null; - return getExtension(name, exts); - } - - protected Extension getExtension(String name, CertificateExtensions exts) { - if (exts == null) - return null; - Enumeration<Extension> e = exts.getAttributes(); - - while (e.hasMoreElements()) { - Extension ext = e.nextElement(); - - if (ext.getExtensionId().toString().equals(name)) { - return ext; - } - } - return null; - } - - protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { - if (ext == null) { - throw new EProfileException("extension not found"); - } - CertificateExtensions exts = null; - - Extension alreadyPresentExtension = getExtension(name, info); - - if (alreadyPresentExtension != null) { - String eName = ext.toString(); - CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! 
Name: " + eName); - throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName)); - } - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - } catch (Exception e) { - CMS.debug("EnrollDefault: " + e.toString()); - } - if (exts == null) { - throw new EProfileException("extensions not found"); - } - try { - exts.set(name, ext); - } catch (IOException e) { - CMS.debug("EnrollDefault: " + e.toString()); - } - } - - protected void replaceExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { - deleteExtension(name, info); - addExtension(name, ext, info); - } - - protected boolean isOptional(String value) { - return value.equals(""); - } - - protected boolean getBoolean(String value) { - return Boolean.valueOf(value).booleanValue(); - } - - protected int getInt(String value) { - return Integer.valueOf(value).intValue(); - } - - protected boolean getConfigBoolean(String value) { - return getBoolean(getConfig(value)); - } - - protected int getConfigInt(String value) { - return getInt(getConfig(value)); - } - - protected boolean isGeneralNameValid(String name) { - if (name == null) - return false; - int pos = name.indexOf(':'); - if (pos == -1) - return false; - String nameValue = name.substring(pos + 1).trim(); - if (nameValue.equals("")) - return false; - return true; - } - - protected GeneralNameInterface parseGeneralName(String name) - throws IOException { - int pos = name.indexOf(':'); - if (pos == -1) - return null; - String nameType = name.substring(0, pos).trim(); - String nameValue = name.substring(pos + 1).trim(); - return parseGeneralName(nameType, nameValue); - } - - protected boolean isGeneralNameType(String nameType) { - if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; - } - if (nameType.equalsIgnoreCase("DNSName")) { - return true; - } - if (nameType.equalsIgnoreCase("x400")) { - return true; - } - if (nameType.equalsIgnoreCase("DirectoryName")) { - return 
true; - } - if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; - } - if (nameType.equalsIgnoreCase("URIName")) { - return true; - } - if (nameType.equalsIgnoreCase("IPAddress")) { - return true; - } - if (nameType.equalsIgnoreCase("OIDName")) { - return true; - } - if (nameType.equalsIgnoreCase("OtherName")) { - return true; - } - return false; - } - - protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) - throws IOException { - if (nameType.equalsIgnoreCase("RFC822Name")) { - return new RFC822Name(nameValue); - } - if (nameType.equalsIgnoreCase("DNSName")) { - return new DNSName(nameValue); - } - if (nameType.equalsIgnoreCase("x400")) { - // XXX - } - if (nameType.equalsIgnoreCase("DirectoryName")) { - return new X500Name(nameValue); - } - if (nameType.equalsIgnoreCase("EDIPartyName")) { - return new EDIPartyName(nameValue); - } - if (nameType.equalsIgnoreCase("URIName")) { - return new URIName(nameValue); - } - if (nameType.equalsIgnoreCase("IPAddress")) { - CMS.debug("IP Value:" + nameValue); - if (nameValue.indexOf('/') != -1) { - // CIDR support for NameConstraintsExt - StringTokenizer st = new StringTokenizer(nameValue, "/"); - String addr = st.nextToken(); - String netmask = st.nextToken(); - CMS.debug("addr:" + addr + " netmask: " + netmask); - return new IPAddressName(addr, netmask); - } else { - return new IPAddressName(nameValue); - } - } - if (nameType.equalsIgnoreCase("OIDName")) { - try { - // check if OID - new ObjectIdentifier(nameValue); - } catch (Exception e) { - return null; - } - return new OIDName(nameValue); - } - if (nameType.equals("OtherName")) { - if (nameValue == null || nameValue.length() == 0) - nameValue = " "; - if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String 
on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(KerberosName)")) { - // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector<String> strings = new Vector<String>(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); - } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); - } else { - return null; - 
} - } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(Any)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } - } else { - return null; - } - } - return null; - } - - /** - * Converts string containing pairs of characters in the range of '0' - * to '9', 'a' to 'f' to an array of bytes such that each pair of - * characters in the string represents an individual byte - */ - public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[(stringLength / 2)]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); - } - return bytes; - } - - /** - * Check if a object identifier in string form is valid, - * that is a string in the form n.n.n.n and der encode and decode-able. - * - * @param oid object identifier string. 
- * @return true if the oid is valid - */ - public boolean isValidOID(String oid) { - ObjectIdentifier v = null; - try { - v = ObjectIdentifier.getObjectIdentifier(oid); - } catch (Exception e) { - return false; - } - if (v == null) - return false; - - // if the OID isn't valid (ex. n.n) the error isn't caught til - // encoding time leaving a bad request in the request queue. - try { - DerOutputStream derOut = new DerOutputStream(); - - derOut.putOID(v); - new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); - } catch (Exception e) { - return false; - } - return true; - } - - protected String buildRecords(Vector<NameValuePairs> recs) throws EPropertyException { - StringBuffer sb = new StringBuffer(); - - for (int i = 0; i < recs.size(); i++) { - NameValuePairs pairs = recs.elementAt(i); - - sb.append("Record #"); - sb.append(i); - sb.append("\r\n"); - - for (String key : pairs.keySet()) { - String val = pairs.get(key); - - sb.append(key); - sb.append(":"); - sb.append(val); - sb.append("\r\n"); - } - sb.append("\r\n"); - - } - return sb.toString(); - } - - protected Vector<NameValuePairs> parseRecords(String value) throws EPropertyException { - StringTokenizer st = new StringTokenizer(value, "\r\n"); - int num = 0; - Vector<NameValuePairs> v = new Vector<NameValuePairs>(); - NameValuePairs nvps = null; - - while (st.hasMoreTokens()) { - String token = st.nextToken(); - - if (token.equals("Record #" + num)) { - CMS.debug("parseRecords: Record" + num); - nvps = new NameValuePairs(); - v.addElement(nvps); - try { - token = st.nextToken(); - } catch (NoSuchElementException e) { - v.removeElementAt(num); - CMS.debug(e.toString()); - return v; - } - num++; - } - - if (nvps == null) - throw new EPropertyException("Bad Input Format"); - - int pos = token.indexOf(":"); - - if (pos <= 0) { - CMS.debug("parseRecords: No colon found in the input line"); - throw new EPropertyException("Bad Input Format"); - } else { - if (pos == (token.length() - 1)) { - 
nvps.put(token.substring(0, pos), ""); - } else { - nvps.put(token.substring(0, pos), token.substring(pos + 1)); - } - } - } - - return v; - } - - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { - int type = gn.getType(); - - if (type == GeneralNameInterface.NAME_RFC822) - return "RFC822Name"; - else if (type == GeneralNameInterface.NAME_DNS) - return "DNSName"; - else if (type == GeneralNameInterface.NAME_URI) - return "URIName"; - else if (type == GeneralNameInterface.NAME_IP) - return "IPAddress"; - else if (type == GeneralNameInterface.NAME_DIRECTORY) - return "DirectoryName"; - else if (type == GeneralNameInterface.NAME_EDI) - return "EDIPartyName"; - else if (type == GeneralNameInterface.NAME_ANY) - return "OtherName"; - else if (type == GeneralNameInterface.NAME_OID) - return "OIDName"; - - throw new EPropertyException("Unsupported type: " + type); - } - - protected String getGeneralNameValue(GeneralName gn) throws EPropertyException { - String s = gn.toString(); - int type = gn.getType(); - - if (type == GeneralNameInterface.NAME_DIRECTORY) - return s; - else { - int pos = s.indexOf(":"); - - if (pos <= 0) - throw new EPropertyException("Badly formatted general name: " + s); - else { - return s.substring(pos + 1).trim(); - } - } - } - - public Locale getLocale(IRequest request) { - Locale locale = null; - - if (request == null) - return null; - - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); - if (language != null) { - locale = new Locale(language); - } - return locale; - } - - public String toGeneralNameString(GeneralNameInterface gn) { - int type = gn.getType(); - // Sun's General Name is not consistent, so we need - // to do a special case for directory string - if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); - } - return gn.toString(); - } - - protected String mapPattern(IRequest request, String pattern) - throws IOException { - Pattern p = 
new Pattern(pattern); - IAttrSet attrSet = null; - if (request != null) { - attrSet = request.asIAttrSet(); - } - return p.substitute2("request", attrSet); - } - - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { - StringBuffer result = new StringBuffer(); - - // Do we need to escape any characters - for (int i = 0; i < v.length(); i++) { - int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i + 1) < v.length())) { - int nextC = v.charAt(i + 1); - if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || - nextC == '<' || nextC == '>' || nextC == '#' || - nextC == ';' || nextC == '\r' || nextC == '\n' || - nextC == '\\' || nextC == '"')) { - if (doubleEscape) - result.append('\\'); - } else { - result.append('\\'); - if (doubleEscape) - result.append('\\'); - } - } else { - result.append('\\'); - if (doubleEscape) - result.append('\\'); - } - } - if (c == '\r') { - result.append("0D"); - } else if (c == '\n') { - result.append("0A"); - } else { - result.append((char) c); - } - } - return result; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java deleted file mode 100644 index 24f79cdec..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ /dev/null 
@@ -1,28 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-/**
- * This class implements an enrollment extension
- * default policy that extension into the certificate
- * template.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollExtDefault extends EnrollDefault {
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
deleted file mode 100644
index f1d63a348..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ /dev/null
@@ -1,250 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.security.extensions.ExtendedKeyUsageExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Extended Key Usage extension - * into the certificate template. 
- * - * @version $Revision$, $Date$ - */ -public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; - public static final String CONFIG_OIDS = "exKeyUsageOIDs"; - - public static final String VAL_CRITICAL = "exKeyUsageCritical"; - public static final String VAL_OIDS = "exKeyUsageOIDs"; - - public ExtendedKeyUsageExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_OIDS); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_OIDS); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_OIDS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - ExtendedKeyUsageExtension ext = null; - - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - 
locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - // ext.deleteAllOIDs(); - StringTokenizer st = new StringTokenizer(value, ","); - - if (ext == null) { - return; - } - while (st.hasMoreTokens()) { - String oid = st.nextToken(); - - ext.addOID(new ObjectIdentifier(oid)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - try { - replaceExtension(ExtendedKeyUsageExtension.OID, ext, info); - } catch (EProfileException e) { - CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - StringBuffer sb = new StringBuffer(); - if (ext == null) { - return 
""; - } - Enumeration<ObjectIdentifier> e = ext.getOIDs(); - - while (e.hasMoreElements()) { - ObjectIdentifier oid = e.nextElement(); - - if (!sb.toString().equals("")) { - sb.append(","); - } - sb.append(oid.toString()); - } - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OIDS) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - ExtendedKeyUsageExtension ext = createExtension(); - - addExtension(ExtendedKeyUsageExtension.OID, ext, info); - } - - public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; - - try { - ext = new ExtendedKeyUsageExtension(); - } catch (Exception e) { - CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + - e.toString()); - } - if (ext == null) - return null; - boolean critical = getBoolean(getConfig(CONFIG_CRITICAL)); - - ext.setCritical(critical); - StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ","); - - while (st.hasMoreTokens()) { - String oid = st.nextToken(); - - ext.addOID(new ObjectIdentifier(oid)); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java deleted file mode 100644 index acbbd1089..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ /dev/null 
@@ -1,584 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.CRLDistributionPoint; -import netscape.security.x509.FreshestCRLExtension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.GeneralNamesException; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Freshest CRL extension - * into the certificate template. 
- * - * @version $Revision$, $Date$ - */ -public class FreshestCRLExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "freshestCRLCritical"; - public static final String CONFIG_NUM_POINTS = "freshestCRLPointNum"; - public static final String CONFIG_POINT_TYPE = "freshestCRLPointType_"; - public static final String CONFIG_POINT_NAME = "freshestCRLPointName_"; - public static final String CONFIG_ISSUER_TYPE = "freshestCRLPointIssuerType_"; - public static final String CONFIG_ISSUER_NAME = "freshestCRLPointIssuerName_"; - public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; - - public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = - "freshestCRLPointsValue"; - - private static final String POINT_TYPE = "Point Type"; - private static final String POINT_NAME = "Point Name"; - private static final String ISSUER_TYPE = "Issuer Type"; - private static final String ISSUER_NAME = "Issuer Name"; - private static final String ENABLE = "Enable"; - - private static final int DEF_NUM_POINTS = 1; - private static final int MAX_NUM_POINTS = 100; - - public FreshestCRLExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - protected int getNumPoints() { - int num = DEF_NUM_POINTS; - String val = getConfig(CONFIG_NUM_POINTS); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_POINTS) - num = DEF_NUM_POINTS; - - return num; - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); 
- } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - addValueName(VAL_CRITICAL); - addValueName(VAL_CRL_DISTRIBUTION_POINTS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPoints(); - - addConfigName(CONFIG_NUM_POINTS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_POINT_TYPE + i); - addConfigName(CONFIG_POINT_NAME + i); - addConfigName(CONFIG_ISSUER_TYPE + i); - addConfigName(CONFIG_ISSUER_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } - - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); - } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); - } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); - } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - 
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - FreshestCRLExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - if (ext == null) { - populate(locale, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - boolean critical = ext.isCritical(); - int i = 0; - - for (; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - String pointType = null; - String pointValue = null; - String issuerType = null; - String issuerValue = null; - String enable = null; - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(POINT_TYPE)) { - pointType = nvps.get(name1); - } else if (name1.equals(POINT_NAME)) { - pointValue = nvps.get(name1); - } else if (name1.equals(ISSUER_TYPE)) { - issuerType = nvps.get(name1); - } else if (name1.equals(ISSUER_NAME)) { - issuerValue = 
nvps.get(name1); - } else if (name1.equals(ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(locale, cdp, pointType, pointValue); - if (issuerType != null) - addIssuer(locale, cdp, issuerType, issuerValue); - - // this is the first distribution point - if (i == 0) { - ext = new FreshestCRLExtension(cdp); - ext.setCritical(critical); - } else { - ext.addPoint(cdp); - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - try { - if (value == null || value.length() == 0) - return; - - if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - - gen.addElement(parseGeneralName(type, value)); - cdp.setFullName(gen); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } - - private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - if (value == null || value.length() == 0) - return; - try { - if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - - 
gen.addElement(parseGeneralName(type, value));
- cdp.setCRLIssuer(gen);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
- }
- } catch (IOException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
- } catch (GeneralNamesException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- FreshestCRLExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
- if (ext == null) {
- try {
- populate(locale, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
-
- if (ext == null)
- return "";
-
- Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
- int num = getNumPoints();
- for (int i = 0; i < num; i++) {
- NameValuePairs pairs = null;
-
- if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
- GeneralNames gns = p.getFullName();
-
- pairs = buildGeneralNames(gns, p);
- } else {
- pairs = buildEmptyGeneralNames();
- }
- recs.addElement(pairs);
- }
-
- return buildRecords(recs);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- protected NameValuePairs buildEmptyGeneralNames() {
- NameValuePairs pairs = new NameValuePairs();
-
- pairs.put(POINT_TYPE, "");
- pairs.put(POINT_NAME, "");
- pairs.put(ISSUER_TYPE, "");
- pairs.put(ISSUER_NAME, "");
- pairs.put(ENABLE, "false");
- return pairs;
- }
-
- protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
-
- NameValuePairs pairs = new NameValuePairs();
-
- boolean hasFullName = false;
-
- pairs.put(ENABLE, "true");
- if (gns == null) {
- pairs.put(POINT_TYPE, "");
- pairs.put(POINT_NAME, "");
- } else {
- GeneralName gn = (GeneralName) gns.elementAt(0);
-
- if (gn != null) {
- hasFullName = true;
-
- pairs.put(POINT_TYPE, getGeneralNameType(gn));
- pairs.put(POINT_NAME, getGeneralNameValue(gn));
- }
- }
-
- if (!hasFullName) {
- pairs.put(POINT_TYPE, GN_DIRECTORY_NAME);
- pairs.put(POINT_NAME, "");
- }
-
- gns = p.getCRLIssuer();
-
- if (gns == null) {
- pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME);
- pairs.put(ISSUER_NAME, "");
- } else {
- GeneralName gn = (GeneralName) gns.elementAt(0);
-
- if (gn != null) {
- hasFullName = true;
-
- pairs.put(ISSUER_TYPE, getGeneralNameType(gn));
- pairs.put(ISSUER_NAME, getGeneralNameValue(gn));
- }
- }
- return pairs;
- }
-
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- int num = getNumPoints();
-
- for (int i = 0; i < num; i++) {
- sb.append("Record #");
- sb.append(i);
- sb.append("{");
- sb.append(POINT_TYPE + ":");
- sb.append(getConfig(CONFIG_POINT_TYPE + i));
- sb.append(",");
- sb.append(POINT_NAME + ":");
- sb.append(getConfig(CONFIG_POINT_NAME + i));
- sb.append(",");
- sb.append(ISSUER_TYPE + ":");
- sb.append(getConfig(CONFIG_ISSUER_TYPE + i));
- sb.append(",");
- sb.append(ISSUER_NAME + ":");
- sb.append(getConfig(CONFIG_ISSUER_NAME + i));
- sb.append(",");
- sb.append(ENABLE + ":");
- sb.append(getConfig(CONFIG_ENABLE + i));
- sb.append("}");
- }
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
- getConfig(CONFIG_CRITICAL),
- sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- FreshestCRLExtension ext = createExtension(request);
-
- if (ext == null)
- return;
- addExtension(FreshestCRLExtension.OID, ext, info);
- }
-
- public FreshestCRLExtension createExtension(IRequest request) {
- FreshestCRLExtension ext = new FreshestCRLExtension();
- int num = 0;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- ext.setCritical(critical);
-
- num = getNumPoints();
- for (int i = 0; i < num; i++) {
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
- String pointName = getConfig(CONFIG_POINT_NAME + i);
- String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
- String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
- if (enable != null && enable.equals("true")) {
- if (pointType != null)
- addCRLPoint(getLocale(request), cdp, pointType, pointName);
- if (issuerType != null)
- addIssuer(getLocale(request), cdp, issuerType, issuerName);
-
- ext.addPoint(cdp);
- }
- }
- } catch (Exception e) {
- CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
- }
-
- return ext;
- }
-
- /**
- * Populates the request with this policy default.
- */
- private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
- FreshestCRLExtension ext = createExtension(locale);
-
- if (ext == null)
- return;
- addExtension(FreshestCRLExtension.OID, ext, info);
- }
-
- public FreshestCRLExtension createExtension(Locale locale) {
- FreshestCRLExtension ext = new FreshestCRLExtension();
- int num = 0;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- ext.setCritical(critical);
-
- num = getNumPoints();
- for (int i = 0; i < num; i++) {
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
- String pointName = getConfig(CONFIG_POINT_NAME + i);
- String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
- String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
- if (enable != null && enable.equals("true")) {
- if (pointType != null)
- addCRLPoint(locale, cdp, pointType, pointName);
- if (issuerType != null)
- addIssuer(locale, cdp, issuerType, issuerName);
-
- ext.addPoint(cdp);
- }
- }
- } catch (Exception e) {
- CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
deleted file mode 100644
index 1797091b7..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ /dev/null
@@ -1,260 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class GenericExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "genericExtCritical";
- public static final String CONFIG_OID = "genericExtOID";
- public static final String CONFIG_DATA = "genericExtData";
-
- public static final String VAL_CRITICAL = "genericExtCritical";
- public static final String VAL_DATA = "genericExtData";
-
- public GenericExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_DATA);
-
- addConfigName(CONFIG_CRITICAL);
- addConfigName(CONFIG_OID);
- addConfigName(CONFIG_DATA);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(CONFIG_OID)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
- CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
- } else if (name.equals(CONFIG_DATA)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
- CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_DATA)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- Extension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
-
- ext = (Extension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
- if (ext == null) {
- return;
- }
- boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_DATA)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
- if (ext == null) {
- return;
- }
- byte data[] = getBytes(value);
- ext.setExtensionValue(data);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(ext.getExtensionId().toString(), ext, info);
- } catch (EProfileException e) {
- CMS.debug("GenericExtDefault: setValue " + e.toString());
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- Extension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
-
- ext = (Extension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
-
- ext = (Extension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_DATA)) {
-
- ext = (Extension)
- getExtension(oid.toString(), info);
-
- if (ext == null)
- return "";
-
- byte data[] = ext.getExtensionValue();
-
- if (data == null)
- return "";
-
- return toStr(data);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_OID),
- getConfig(CONFIG_DATA)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params);
- }
-
- public String toStr(byte data[]) {
- StringBuffer b = new StringBuffer();
- for (int i = 0; i < data.length; i++) {
- if ((data[i] & 0xff) < 16) {
- b.append("0");
- }
- b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
- }
- return b.toString();
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- Extension ext = createExtension(request);
-
- addExtension(ext.getExtensionId().toString(), ext, info);
- }
-
- public Extension createExtension(IRequest request) {
- Extension ext = null;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
- byte data[] = null;
-
- if (request == null) {
- data = getBytes(getConfig(CONFIG_DATA));
- } else {
- data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
- }
-
- DerOutputStream out = new DerOutputStream();
- out.putOctetString(data);
-
- ext = new Extension(oid, critical, out.toByteArray());
- } catch (Exception e) {
- CMS.debug("GenericExtDefault: createExtension " +
- e.toString());
- }
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
deleted file mode 100644
index 16a7ac402..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ /dev/null
@@ -1,105 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that shows an image in the approval page.
- *
- * @version $Revision$, $Date$
- */
-public class ImageDefault extends EnrollDefault {
-
- public static final String INPUT_IMAGE_URL = "image_url";
-
- public static final String VAL_IMAGE_URL = "pd_image_url";
-
- public ImageDefault() {
- super();
- addValueName(VAL_IMAGE_URL);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_IMAGE_URL)) {
- return new Descriptor(IDescriptor.IMAGE_URL, null, null,
- CMS.getUserMessage(locale, "CMS_PROFILE_IMAGE"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- }
-
- public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- if (name.equals(VAL_IMAGE_URL)) {
- return request.getExtDataInString(INPUT_IMAGE_URL);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- return null;
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
deleted file mode 100644
index 97cfb3ff4..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ /dev/null
@@ -1,271 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.math.BigInteger;
-import java.util.Locale;
-
-import netscape.security.extensions.InhibitAnyPolicyExtension;
-import netscape.security.util.BigInt;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an inhibit Any-Policy extension
- *
- * @version $Revision$, $Date$
- */
-public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "critical";
- public static final String CONFIG_SKIP_CERTS = "skipCerts";
-
- public static final String VAL_CRITICAL = "critical";
- public static final String VAL_SKIP_CERTS = "skipCerts";
-
- private static final String SKIP_CERTS = "Skip Certs";
- private static final String GN_PATTERN = "Pattern";
-
- public InhibitAnyPolicyExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_SKIP_CERTS);
-
- addConfigName(CONFIG_CRITICAL);
- addConfigName(CONFIG_SKIP_CERTS);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_SKIP_CERTS)) {
- return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
- } else {
- return null;
- }
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- if (name.equals(CONFIG_SKIP_CERTS)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
- }
- }
- super.setConfig(name, value);
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_SKIP_CERTS)) {
- return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- InhibitAnyPolicyExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- boolean critical = Boolean.valueOf(value).booleanValue();
-
- ext.setCritical(critical);
- } else if (name.equals(VAL_SKIP_CERTS)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- boolean critical = ext.isCritical();
- if (value.equals("")) {
- // if value is empty, do not add this extension
- deleteExtension(InhibitAnyPolicyExtension.OID, info);
- return;
- }
- BigInt num = null;
- try {
- BigInteger l = new BigInteger(value);
- num = new BigInt(l);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- ext = new InhibitAnyPolicyExtension(critical,
- num);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
- } catch (EProfileException e) {
- CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- InhibitAnyPolicyExtension ext =
- (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
-
- if (ext == null) {
- try {
- populate(null, info);
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_SKIP_CERTS)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
- if (ext == null) {
- return null;
- }
-
- BigInt n = ext.getSkipCerts();
- return "" + n.toInt();
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- /*
- * returns text that goes into description for this extension on
- * a profile
- */
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- sb.append(SKIP_CERTS + ":");
- sb.append(getConfig(CONFIG_SKIP_CERTS));
-
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- InhibitAnyPolicyExtension ext = null;
-
- ext = createExtension(request);
- addExtension(InhibitAnyPolicyExtension.OID, ext, info);
- }
-
- public InhibitAnyPolicyExtension createExtension(IRequest request)
- throws EProfileException {
- InhibitAnyPolicyExtension ext = null;
-
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
-
- String str = getConfig(CONFIG_SKIP_CERTS);
- if (str == null || str.equals("")) {
- ext = new InhibitAnyPolicyExtension();
- ext.setCritical(critical);
- } else {
- BigInt val = null;
- try {
- BigInteger b = new BigInteger(str);
- val = new BigInt(b);
- } catch (NumberFormatException e) {
- throw new EProfileException(
- CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
- }
-
- try {
- ext = new InhibitAnyPolicyExtension(critical, val);
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
deleted file mode 100644
index 251d8a3e7..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ /dev/null
@@ -1,317 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.IssuerAlternativeNameExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a issuer alternative name extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class IssuerAltNameExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "issuerAltNameExtCritical";
- public static final String CONFIG_TYPE = "issuerAltExtType";
- public static final String CONFIG_PATTERN = "issuerAltExtPattern";
-
- public static final String VAL_CRITICAL = "issuerAltNameExtCritical";
- public static final String VAL_GENERAL_NAMES = "issuerAltNames";
-
- public IssuerAltNameExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_GENERAL_NAMES);
-
- addConfigName(CONFIG_CRITICAL);
- addConfigName(CONFIG_TYPE);
- addConfigName(CONFIG_PATTERN);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(CONFIG_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE,
- "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
- "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
- } else if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- IssuerAlternativeNameExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- boolean critical = Boolean.valueOf(value).booleanValue();
-
- ext.setCritical(critical);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- if (value.equals("")) {
- // if value is empty, do not add this extension
- deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- return;
- }
- GeneralNames gn = new GeneralNames();
- StringTokenizer st = new StringTokenizer(value, "\r\n");
-
- while (st.hasMoreTokens()) {
- String gname = (String) st.nextToken();
-
- GeneralNameInterface n = parseGeneralName(gname);
- if (n != null) {
- gn.addElement(n);
- }
- }
- ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- replaceExtension(
- PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
- } catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (EProfileException e) {
- CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- IssuerAlternativeNameExtension ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
- if (ext == null) {
-
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if (ext == null) {
- return "";
- }
-
- GeneralNames names = (GeneralNames)
- ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
- StringBuffer sb = new StringBuffer();
- Enumeration<GeneralNameInterface> e = names.elements();
-
- while (e.hasMoreElements()) {
- GeneralName gn = (GeneralName) e.nextElement();
-
- if (!sb.toString().equals("")) {
- sb.append("\r\n");
- }
- sb.append(toGeneralNameString(gn));
- }
- return sb.toString();
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: getValue " +
- e.toString());
- }
- return null;
- }
-
- public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_PATTERN),
- getConfig(CONFIG_TYPE)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params);
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- IssuerAlternativeNameExtension ext = null;
-
- try {
- ext = createExtension(request);
-
- } catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
- }
- addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
- }
-
- public IssuerAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- IssuerAlternativeNameExtension ext = null;
-
- try {
- ext = new IssuerAlternativeNameExtension();
- } catch (Exception e) {
- CMS.debug(e.toString());
- throw new IOException(e.toString());
- }
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
- String pattern = getConfig(CONFIG_PATTERN);
-
- if (!pattern.equals("")) {
- GeneralNames gn = new GeneralNames();
-
- String gname = "";
-
- if (request != null) {
- gname = mapPattern(request, pattern);
- }
-
- gn.addElement(parseGeneralName(
- getConfig(CONFIG_TYPE) + ":" + gname));
- ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
- }
- ext.setCritical(critical);
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
deleted file mode 100644
index 1bfda9ad9..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ /dev/null
@@ -1,511 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Key Usage extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class KeyUsageExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; - public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; - public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; - public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; - public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly"; - public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; - - public static final String VAL_CRITICAL = "keyUsageCritical"; - public static final String VAL_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String VAL_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String VAL_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String VAL_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; - public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; - public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; - public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; - public static final String VAL_ENCIPHER_ONLY = "keyUsageEncipherOnly"; - public static final String VAL_DECIPHER_ONLY = "keyUsageDecipherOnly"; - - public KeyUsageExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_DIGITAL_SIGNATURE); - addValueName(VAL_NON_REPUDIATION); - addValueName(VAL_KEY_ENCIPHERMENT); - addValueName(VAL_DATA_ENCIPHERMENT); - addValueName(VAL_KEY_AGREEMENT); - addValueName(VAL_KEY_CERTSIGN); - addValueName(VAL_CRL_SIGN); - addValueName(VAL_ENCIPHER_ONLY); - 
addValueName(VAL_DECIPHER_ONLY); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_DIGITAL_SIGNATURE); - addConfigName(CONFIG_NON_REPUDIATION); - addConfigName(CONFIG_KEY_ENCIPHERMENT); - addConfigName(CONFIG_DATA_ENCIPHERMENT); - addConfigName(CONFIG_KEY_AGREEMENT); - addConfigName(CONFIG_KEY_CERTSIGN); - addConfigName(CONFIG_CRL_SIGN); - addConfigName(CONFIG_ENCIPHER_ONLY); - addConfigName(CONFIG_DECIPHER_ONLY); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); - } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); - } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); - } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); - } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); - } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); - } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, 
"CMS_PROFILE_CRL_SIGN")); - } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); - } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); - } else if (name.equals(VAL_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); - } else if (name.equals(VAL_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); - } else if (name.equals(VAL_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); - } 
else if (name.equals(VAL_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - KeyUsageExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - populate(null, info); - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); - } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.NON_REPUDIATION, val); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = 
(KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_AGREEMENT, val); - } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_CERTSIGN, val); - } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.CRL_SIGN, val); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); - } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DECIPHER_ONLY, val); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); - } catch (IOException e) { - CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, 
"CMS_INVALID_PROPERTY", name)); - } - - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); - - return val.toString(); - } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.NON_REPUDIATION); - - return val.toString(); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); - - return val.toString(); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); - - return val.toString(); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_AGREEMENT); - - return val.toString(); - } else if 
(name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_CERTSIGN); - - return val.toString(); - } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.CRL_SIGN); - - return val.toString(); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.ENCIPHER_ONLY); - - return val.toString(); - } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DECIPHER_ONLY); - - return val.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params); - - } - - /** - * Populates the request with this policy default. 
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- KeyUsageExtension ext = createKeyUsageExtension();
-
- addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
- }
-
- public KeyUsageExtension createKeyUsageExtension() {
- KeyUsageExtension ext = null;
- boolean[] bits = new boolean[KeyUsageExtension.NBITS];
-
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- bits[0] = getConfigBoolean(CONFIG_DIGITAL_SIGNATURE);
- bits[1] = getConfigBoolean(CONFIG_NON_REPUDIATION);
- bits[2] = getConfigBoolean(CONFIG_KEY_ENCIPHERMENT);
- bits[3] = getConfigBoolean(CONFIG_DATA_ENCIPHERMENT);
- bits[4] = getConfigBoolean(CONFIG_KEY_AGREEMENT);
- bits[5] = getConfigBoolean(CONFIG_KEY_CERTSIGN);
- bits[6] = getConfigBoolean(CONFIG_CRL_SIGN);
- bits[7] = getConfigBoolean(CONFIG_ENCIPHER_ONLY);
- bits[8] = getConfigBoolean(CONFIG_DECIPHER_ONLY);
- try {
- ext = new KeyUsageExtension(critical, bits);
- } catch (Exception e) {
- CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
- e.toString());
- }
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
deleted file mode 100644
index cc96f3e90..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ /dev/null
@@ -1,246 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.NSCCommentExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class NSCCommentExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nscCommentCritical"; - public static final String CONFIG_COMMENT = "nscCommentContent"; - - public static final String VAL_CRITICAL = "nscCommentCritical"; - public static final String VAL_COMMENT = "nscCommentContent"; - - public NSCCommentExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_COMMENT); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_COMMENT); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_COMMENT)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_COMMENT)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NSCCommentExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = NSCCommentExtension.OID; - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if 
(name.equals(VAL_CRITICAL)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - boolean critical = ext.isCritical(); - - if (value == null || value.equals("")) - ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); - else - ext = new NSCCommentExtension(critical, value); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (IOException e) { - CMS.debug("NSCCommentExtDefault: setValue " + e.toString()); - } catch (EProfileException e) { - CMS.debug("NSCCommentExtDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - NSCCommentExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = NSCCommentExtension.OID; - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_COMMENT)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - String comment = ext.getComment(); - - if (comment == null) - 
comment = ""; - - return comment; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_COMMENT) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NSCCommentExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - String comment = getConfig(CONFIG_COMMENT); - - if (comment == null || comment.equals("")) - ext = new NSCCommentExtension(critical, ""); - else - ext = new NSCCommentExtension(critical, comment); - } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java deleted file mode 100644 index 0677ef69f..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ /dev/null 
@@ -1,419 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.security.cert.CertificateException;
-import java.util.Locale;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape Certificate Type extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class NSCertTypeExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nsCertCritical"; - public static final String CONFIG_SSL_CLIENT = "nsCertSSLClient"; - public static final String CONFIG_SSL_SERVER = "nsCertSSLServer"; - public static final String CONFIG_EMAIL = "nsCertEmail"; - public static final String CONFIG_OBJECT_SIGNING = "nsCertObjectSigning"; - public static final String CONFIG_SSL_CA = "nsCertSSLCA"; - public static final String CONFIG_EMAIL_CA = "nsCertEmailCA"; - public static final String CONFIG_OBJECT_SIGNING_CA = "nsCertObjectSigningCA"; - - public static final String VAL_CRITICAL = "nsCertCritical"; - public static final String VAL_SSL_CLIENT = "nsCertSSLClient"; - public static final String VAL_SSL_SERVER = "nsCertSSLServer"; - public static final String VAL_EMAIL = "nsCertEmail"; - public static final String VAL_OBJECT_SIGNING = "nsCertObjectSigning"; - public static final String VAL_SSL_CA = "nsCertSSLCA"; - public static final String VAL_EMAIL_CA = "nsCertEmailCA"; - public static final String VAL_OBJECT_SIGNING_CA = "nsCertObjectSigningCA"; - - public NSCertTypeExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_SSL_CLIENT); - addValueName(VAL_SSL_SERVER); - addValueName(VAL_EMAIL); - addValueName(VAL_OBJECT_SIGNING); - addValueName(VAL_SSL_CA); - addValueName(VAL_EMAIL_CA); - addValueName(VAL_OBJECT_SIGNING_CA); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_SSL_CLIENT); - addConfigName(CONFIG_SSL_SERVER); - addConfigName(CONFIG_EMAIL); - addConfigName(CONFIG_OBJECT_SIGNING); - addConfigName(CONFIG_SSL_CA); - addConfigName(CONFIG_EMAIL_CA); - addConfigName(CONFIG_OBJECT_SIGNING_CA); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - 
return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); - } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); - } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); - } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); - } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); - } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); - } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); - } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); - } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, 
"CMS_PROFILE_EMAIL")); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); - } else if (name.equals(VAL_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); - } else if (name.equals(VAL_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NSCertTypeExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - populate(null, info); - - } - if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) - 
getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, val); - } else { - throw new EPropertyException("Invalid name " + name); - } - replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); - } catch (CertificateException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } catch (EProfileException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - try { - 
populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); - - return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); - - return val.toString(); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); - - return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); - - return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); - - return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) 
ext.get(NSCertTypeExtension.EMAIL_CA); - - return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA); - - return val.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (CertificateException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } - return null; - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params); - - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NSCertTypeExtension ext = createExtension(); - - addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); - } - - public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; - boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - bits[0] = getConfigBoolean(CONFIG_SSL_CLIENT); - bits[1] = getConfigBoolean(CONFIG_SSL_SERVER); - bits[2] = getConfigBoolean(CONFIG_EMAIL); - bits[3] = getConfigBoolean(CONFIG_OBJECT_SIGNING); - bits[4] = getConfigBoolean(CONFIG_SSL_CA); - bits[5] = getConfigBoolean(CONFIG_EMAIL_CA); - bits[6] = getConfigBoolean(CONFIG_OBJECT_SIGNING_CA); - try { - ext = new NSCertTypeExtension(critical, bits); - } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java deleted file mode 100644 index e57d04067..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ /dev/null 
@@ -1,670 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.GeneralSubtree; -import netscape.security.x509.GeneralSubtrees; -import netscape.security.x509.NameConstraintsExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a name constraint extension - * into the certificate template. 
- * - * @version $Revision$, $Date$ - */ -public class NameConstraintsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = - "nameConstraintsNumPermittedSubtrees"; - public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; - public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; - public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; - public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; - public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - - public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; - public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; - public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; - public static final String CONFIG_EXCLUDED_NAME_CHOICE = "nameConstraintsExcludedSubtreeNameChoice_"; - public static final String CONFIG_EXCLUDED_NAME_VAL = "nameConstraintsExcludedSubtreeNameValue_"; - public static final String CONFIG_EXCLUDED_ENABLE = "nameConstraintsExcludedSubtreeEnable_"; - - public static final String VAL_CRITICAL = "nameConstraintsCritical"; - public static final String VAL_PERMITTED_SUBTREES = "nameConstraintsPermittedSubtreesValue"; - public static final String VAL_EXCLUDED_SUBTREES = "nameConstraintsExcludedSubtreesValue"; - - private static final String GENERAL_NAME_CHOICE = "GeneralNameChoice"; - private static final String GENERAL_NAME_VALUE = "GeneralNameValue"; - private static final String MIN_VALUE = "Min Value"; - private static final String MAX_VALUE = "Max Value"; - private static final String ENABLE = "Enable"; - - protected static final int 
DEF_NUM_PERMITTED_SUBTREES = 1; - protected static final int DEF_NUM_EXCLUDED_SUBTREES = 1; - protected static final int MAX_NUM_EXCLUDED_SUBTREES = 100; - protected static final int MAX_NUM_PERMITTED_SUBTREES = 100; - - public NameConstraintsExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - - } - - protected int getNumPermitted() { - int num = DEF_NUM_PERMITTED_SUBTREES; - String val = getConfig(CONFIG_NUM_PERMITTED_SUBTREES); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_PERMITTED_SUBTREES) - num = DEF_NUM_PERMITTED_SUBTREES; - return num; - } - - protected int getNumExcluded() { - int num = DEF_NUM_EXCLUDED_SUBTREES; - String val = getConfig(CONFIG_NUM_EXCLUDED_SUBTREES); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_EXCLUDED_SUBTREES) - num = DEF_NUM_EXCLUDED_SUBTREES; - - return num; - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { - - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - 
"CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_PERMITTED_SUBTREES); - addValueName(VAL_EXCLUDED_SUBTREES); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPermitted(); - - addConfigName(CONFIG_NUM_PERMITTED_SUBTREES); - - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PERMITTED_MIN_VAL + i); - addConfigName(CONFIG_PERMITTED_MAX_VAL + i); - addConfigName(CONFIG_PERMITTED_NAME_CHOICE + i); - addConfigName(CONFIG_PERMITTED_NAME_VAL + i); - addConfigName(CONFIG_PERMITTED_ENABLE + i); - } - - num = getNumExcluded(); - - addConfigName(CONFIG_NUM_EXCLUDED_SUBTREES); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_EXCLUDED_MIN_VAL + i); - addConfigName(CONFIG_EXCLUDED_MAX_VAL + i); - addConfigName(CONFIG_EXCLUDED_NAME_CHOICE + i); - addConfigName(CONFIG_EXCLUDED_NAME_VAL + i); - addConfigName(CONFIG_EXCLUDED_ENABLE + i); - } - - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); - } else if 
(name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); - } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); - } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - 
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NameConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for permitted subtrees ... returning"); - return; - } - - Vector<NameValuePairs> v = parseRecords(value); - - Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v); - - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for excluded subtrees ... 
returning"); - return; - } - Vector<NameValuePairs> v = parseRecords(value); - - Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v); - - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); - } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private Vector<GeneralSubtree> createSubtrees(Locale locale, Vector<NameValuePairs> v) throws EPropertyException { - int size = v.size(); - String choice = null; - String val = ""; - String minS = null; - String maxS = null; - - Vector<GeneralSubtree> subtrees = new Vector<GeneralSubtree>(); - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(GENERAL_NAME_CHOICE)) { - choice = nvps.get(name1); - } else if (name1.equals(GENERAL_NAME_VALUE)) { - val = nvps.get(name1); - } else if (name1.equals(MIN_VALUE)) { - minS = nvps.get(name1); - } else if (name1.equals(MAX_VALUE)) { - maxS = nvps.get(name1); - } - } - - if (choice == null || choice.length() == 0) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); - } - - if (val == null) - val = ""; - - int min = 0; - int max = -1; - - if (minS != null && minS.length() > 0) - min = Integer.parseInt(minS); - if (maxS != null && maxS.length() > 0) - max = Integer.parseInt(maxS); - - GeneralName gn = null; - GeneralNameInterface gnI = null; - - try { - gnI = 
parseGeneralName(choice + ":" + val); - } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: createSubtress " + - e.toString()); - } - - if (gnI != null) { - gn = new GeneralName(gnI); - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); - } - GeneralSubtree subtree = new GeneralSubtree( - gn, min, max); - - subtrees.addElement(subtree); - } - - return subtrees; - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - NameConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) - return ""; - - GeneralSubtrees subtrees = null; - - try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); - } catch (IOException e) { - CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); - } - - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); - } - - return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - 
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) - return ""; - - GeneralSubtrees subtrees = null; - - try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); - } catch (IOException e) { - CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); - } - - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); - } - - return getSubtreesInfo(ext, subtrees); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { - Vector<GeneralSubtree> trees = subtrees.getSubtrees(); - int size = trees.size(); - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < size; i++) { - GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); - - GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); - int min = tree.getMinValue(); - - NameValuePairs pairs = new NameValuePairs(); - - pairs.put(GENERAL_NAME_CHOICE, type); - pairs.put(GENERAL_NAME_VALUE, getGeneralNameValue(gn)); - pairs.put(MIN_VALUE, Integer.toString(min)); - pairs.put(MAX_VALUE, Integer.toString(max)); - pairs.put(ENABLE, "true"); - - recs.addElement(pairs); - } - - return buildRecords(recs); - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPermitted(); - - for (int i = 0; i < num; i++) { - sb.append("Permitted #"); - sb.append(i); - sb.append("{"); - sb.append(GENERAL_NAME_CHOICE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_NAME_CHOICE + i)); - sb.append(","); - sb.append(GENERAL_NAME_VALUE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_NAME_VAL + i)); - sb.append(","); - sb.append(MIN_VALUE + ":"); - 
sb.append(getConfig(CONFIG_PERMITTED_MIN_VAL + i)); - sb.append(","); - sb.append(MAX_VALUE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_MAX_VAL + i)); - sb.append("}"); - } - num = getNumExcluded(); - for (int i = 0; i < num; i++) { - sb.append("Exluded #"); - sb.append(i); - sb.append("{"); - sb.append(GENERAL_NAME_CHOICE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i)); - sb.append(","); - sb.append(GENERAL_NAME_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_NAME_VAL + i)); - sb.append(","); - sb.append(MIN_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_MIN_VAL + i)); - sb.append(","); - sb.append(MAX_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NameConstraintsExtension ext = createExtension(); - - addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); - } - - public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; - - try { - int num = getNumPermitted(); - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - Vector<GeneralSubtree> v = new Vector<GeneralSubtree>(); - - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_PERMITTED_ENABLE + i); - - if (enable != null && enable.equals("true")) { - String choice = getConfig(CONFIG_PERMITTED_NAME_CHOICE + i); - String value = getConfig(CONFIG_PERMITTED_NAME_VAL + i); - String minS = getConfig(CONFIG_PERMITTED_MIN_VAL + i); - String maxS = getConfig(CONFIG_PERMITTED_MAX_VAL + i); - - v.addElement(createSubtree(choice, value, minS, maxS)); - } - } - - Vector<GeneralSubtree> v1 = new Vector<GeneralSubtree>(); - - num = getNumExcluded(); - for (int i = 0; i < num; i++) { - String enable = 
getConfig(CONFIG_EXCLUDED_ENABLE + i); - - if (enable != null && enable.equals("true")) { - String choice = getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i); - String value = getConfig(CONFIG_EXCLUDED_NAME_VAL + i); - String minS = getConfig(CONFIG_EXCLUDED_MIN_VAL + i); - String maxS = getConfig(CONFIG_EXCLUDED_MAX_VAL + i); - - v1.addElement(createSubtree(choice, value, minS, maxS)); - } - } - - ext = new NameConstraintsExtension(critical, - new GeneralSubtrees(v), new GeneralSubtrees(v1)); - } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " + - e.toString()); - } - - return ext; - } - - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { - GeneralName gn = null; - GeneralNameInterface gnI = null; - - try { - gnI = parseGeneralName(choice + ":" + value); - } catch (IOException e) { - CMS.debug(e.toString()); - } - if (gnI != null) - gn = new GeneralName(gnI); - else - //throw new EPropertyException("GeneralName must not be null"); - return null; - - int min = 0; - - if (minS != null && minS.length() > 0) - min = Integer.parseInt(minS); - int max = -1; - - if (maxS != null && maxS.length() > 0) - max = Integer.parseInt(maxS); - - return (new GeneralSubtree(gn, min, max)); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java deleted file mode 100644 index 4678f4487..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ /dev/null 
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements no default policy.
- *
- * @version $Revision$, $Date$
- */
-public class NoDefault implements IPolicyDefault {
-
- public static final String PROP_NAME = "name";
-
- protected Vector<String> mValues = new Vector<String>();
- protected Vector<String> mNames = new Vector<String>();
- protected IConfigStore mConfig = null;
-
- public Enumeration<String> getConfigNames() {
- return mNames.elements();
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- return null;
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- }
-
- public String getDefaultConfig(String name) {
- return null;
- }
-
- public String getConfig(String name) {
- return null;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- mConfig = config;
- }
-
- public IConfigStore getConfigStore() {
- return mConfig;
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request)
- throws EProfileException {
- }
-
- public Enumeration<String> getValueNames() {
- return mValues.elements();
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- return null;
- }
-
- public void setValue(String name, Locale locale, IRequest request,
- String value)
- throws EPropertyException {
- }
-
- public String getValue(String name, Locale locale, IRequest request) {
- return null;
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NO_DEFAULT");
- }
-
- public String getName(Locale locale) {
- try {
- return mConfig.getString(PROP_NAME);
- } catch (EBaseException e) {
- return null;
- }
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
deleted file mode 100644
index 382f3cec3..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ /dev/null
@@ -1,185 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.extensions.OCSPNoCheckExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates an OCSP No Check extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class OCSPNoCheckExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "ocspNoCheckCritical";
-
- public static final String VAL_CRITICAL = "ocspNoCheckCritical";
-
- public OCSPNoCheckExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addConfigName(CONFIG_CRITICAL);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_OCSP_NO_CHECK_EXT",
- getConfig(CONFIG_CRITICAL));
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- OCSPNoCheckExtension ext = createExtension();
-
- addExtension(OCSPNoCheckExtension.OID, ext, info);
- }
-
- public OCSPNoCheckExtension createExtension() {
- OCSPNoCheckExtension ext = null;
-
- try {
- ext = new OCSPNoCheckExtension();
- } catch (Exception e) {
- CMS.debug("OCSPNoCheckExtDefault: createExtension " +
- e.toString());
- return null;
- }
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- ext.setCritical(critical);
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
deleted file mode 100644
index db9b95a04..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ /dev/null
@@ -1,287 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyConstraintsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy constraints extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PolicyConstraintsExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "policyConstraintsCritical";
- public static final String CONFIG_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy";
- public static final String CONFIG_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping";
-
- public static final String VAL_CRITICAL = "policyConstraintsCritical";
- public static final String VAL_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy";
- public static final String VAL_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping";
-
- public PolicyConstraintsExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_REQ_EXPLICIT_POLICY);
- addValueName(VAL_INHIBIT_POLICY_MAPPING);
-
- addConfigName(CONFIG_CRITICAL);
- addConfigName(CONFIG_REQ_EXPLICIT_POLICY);
- addConfigName(CONFIG_INHIBIT_POLICY_MAPPING);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
- } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
- }
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
- } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
- }
- return null;
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- PolicyConstraintsExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null) {
- return;
- }
- Integer num = new Integer(value);
-
- ext.set(PolicyConstraintsExtension.REQUIRE, num);
- } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null) {
- return;
- }
- Integer num = new Integer(value);
-
- ext.set(PolicyConstraintsExtension.INHIBIT, num);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
- } catch (EProfileException e) {
- CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (IOException e) {
- CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- PolicyConstraintsExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
- if (ext == null) {
-
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null)
- return "";
-
- int num = ext.getRequireExplicitMapping();
-
- return "" + num;
- } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if (ext == null)
- return "";
-
- int num = ext.getInhibitPolicyMapping();
-
- return "" + num;
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_REQ_EXPLICIT_POLICY),
- getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params);
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- PolicyConstraintsExtension ext = createExtension();
-
- if (ext == null)
- return;
- addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
- }
-
- public PolicyConstraintsExtension createExtension() {
- PolicyConstraintsExtension ext = null;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- int reqNum = -1;
- int inhibitNum = -1;
- String req = getConfig(CONFIG_REQ_EXPLICIT_POLICY);
-
- if (req != null && req.length() > 0) {
- reqNum = Integer.parseInt(req);
- }
- String inhibit = getConfig(CONFIG_INHIBIT_POLICY_MAPPING);
-
- if (inhibit != null && inhibit.length() > 0) {
- inhibitNum = Integer.parseInt(inhibit);
- }
- ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
- } catch (Exception e) {
- CMS.debug("PolicyConstraintsExtDefault: createExtension " +
- e.toString());
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
deleted file mode 100644
index 712641c0d..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ /dev/null
@@ -1,420 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyMap;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyMappingsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PolicyMappingsExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "policyMappingsCritical";
- public static final String CONFIG_NUM_POLICY_MAPPINGS = "policyMappingsNum";
- public static final String CONFIG_ISSUER_DOMAIN_POLICY = "policyMappingsIssuerDomainPolicy_";
- public static final String CONFIG_SUBJECT_DOMAIN_POLICY = "policyMappingsSubjectDomainPolicy_";
- public static final String CONFIG_ENABLE = "policyMappingsEnable_";
-
- public static final String VAL_CRITICAL = "policyMappingsCritical";
- public static final String VAL_DOMAINS = "policyMappingsDomains";
-
- private static final String ISSUER_POLICY_ID = "Issuer Policy Id";
- private static final String SUBJECT_POLICY_ID = "Subject Policy Id";
- private static final String POLICY_ID_ENABLE = "Enable";
-
- private static final int DEF_NUM_MAPPINGS = 1;
- private static final int MAX_NUM_MAPPINGS = 100;
-
- public PolicyMappingsExtDefault() {
- super();
- }
-
- protected int getNumMappings() {
- int num = DEF_NUM_MAPPINGS;
- String numMappings = getConfig(CONFIG_NUM_POLICY_MAPPINGS);
-
- if (numMappings != null) {
- try {
- num = Integer.parseInt(numMappings);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
- return num;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- refreshConfigAndValueNames();
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_MAPPINGS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void refreshConfigAndValueNames() {
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_DOMAINS);
-
- addConfigName(CONFIG_CRITICAL);
- int num = getNumMappings();
-
- addConfigName(CONFIG_NUM_POLICY_MAPPINGS);
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_ISSUER_DOMAIN_POLICY + i);
- addConfigName(CONFIG_SUBJECT_DOMAIN_POLICY + i);
- addConfigName(CONFIG_ENABLE + i);
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY"));
- } else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY"));
- } else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
- }
-
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_DOMAINS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS"));
- }
- return null;
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- PolicyMappingsExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if (ext == null) {
- populate(null, info);
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else if (name.equals(VAL_DOMAINS)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if (ext == null) {
- return;
- }
- Vector<NameValuePairs> v = parseRecords(value);
- int size = v.size();
-
- String issuerPolicyId = null;
- String subjectPolicyId = null;
- String enable = null;
- Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
-
- for (int i = 0; i < size; i++) {
- NameValuePairs nvps = v.elementAt(i);
-
- for (String name1 : nvps.keySet()) {
-
- if (name1.equals(ISSUER_POLICY_ID)) {
- issuerPolicyId = nvps.get(name1);
- } else if (name1.equals(SUBJECT_POLICY_ID)) {
- subjectPolicyId = nvps.get(name1);
- } else if (name1.equals(POLICY_ID_ENABLE)) {
- enable = nvps.get(name1);
- }
- }
-
- if (enable != null && enable.equals("true")) {
- if (issuerPolicyId == null ||
- issuerPolicyId.length() == 0 || subjectPolicyId == null ||
- subjectPolicyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
- CertificatePolicyMap map = new CertificatePolicyMap(
- new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
- new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId)));
-
- policyMaps.addElement(map);
- }
- }
- ext.set(PolicyMappingsExtension.MAP, policyMaps);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
- } catch (EProfileException e) {
- CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (IOException e) {
- CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- PolicyMappingsExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_DOMAINS)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if (ext == null)
- return "";
-
- int num_mappings = getNumMappings();
-
- Enumeration<CertificatePolicyMap> maps = ext.getMappings();
-
- Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
- for (int i = 0; i < num_mappings; i++) {
- NameValuePairs pairs = new NameValuePairs();
-
- if (maps.hasMoreElements()) {
- CertificatePolicyMap map =
- (CertificatePolicyMap) maps.nextElement();
-
- CertificatePolicyId i1 = map.getIssuerIdentifier();
- CertificatePolicyId s1 = map.getSubjectIdentifier();
-
- pairs.put(ISSUER_POLICY_ID, i1.getIdentifier().toString());
- pairs.put(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
- pairs.put(POLICY_ID_ENABLE, "true");
- } else {
- pairs.put(ISSUER_POLICY_ID, "");
- pairs.put(SUBJECT_POLICY_ID, "");
- pairs.put(POLICY_ID_ENABLE, "false");
-
- }
- recs.addElement(pairs);
- }
-
- return buildRecords(recs);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- int num = getNumMappings();
-
- for (int i = 0; i < num; i++) {
- sb.append("Record #");
- sb.append(i);
- sb.append("{");
- sb.append(ISSUER_POLICY_ID + ":");
- sb.append(getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i));
- sb.append(",");
- sb.append(SUBJECT_POLICY_ID + ":");
- sb.append(getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i));
- sb.append(",");
- sb.append(POLICY_ID_ENABLE + ":");
- sb.append(getConfig(CONFIG_ENABLE + i));
- sb.append("}");
- }
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- PolicyMappingsExtension ext = createExtension();
-
- if (ext == null)
- return;
- addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
- }
-
- public PolicyMappingsExtension createExtension() {
- PolicyMappingsExtension ext = null;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
- int num = getNumMappings();
-
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
-
- if (enable != null && enable.equals("true")) {
- String issuerID = getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i);
-
- if (issuerID == null || issuerID.length() == 0) {
- return null;
- }
-
- String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i);
-
- if (subjectID == null || subjectID.length() == 0) {
- return null;
- }
-
- CertificatePolicyMap map = new CertificatePolicyMap(
- new CertificatePolicyId(new ObjectIdentifier(issuerID)),
- new CertificatePolicyId(new ObjectIdentifier(subjectID)));
-
- policyMaps.addElement(map);
- }
- }
-
- ext = new PolicyMappingsExtension(critical, policyMaps);
- } catch (Exception e) {
- CMS.debug("PolicyMappingsExtDefault: createExtension " +
- e.toString());
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
deleted file mode 100644
index 20285567e..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ /dev/null
@@ -1,316 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PrivateKeyUsageExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Private Key Usage Period extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "puCritical";
- public static final String CONFIG_START_TIME = "puStartTime";
- public static final String CONFIG_DURATION = "puDurationInDays"; // in days
-
- public static final String VAL_CRITICAL = "puCritical";
- public static final String VAL_NOT_BEFORE = "puNotBefore";
- public static final String VAL_NOT_AFTER = "puNotAfter";
-
- public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
- private long mDefault = 86400000; // 1 days
-
- public PrivateKeyUsagePeriodExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_NOT_BEFORE);
- addValueName(VAL_NOT_AFTER);
-
- addConfigName(CONFIG_CRITICAL);
- addConfigName(CONFIG_START_TIME);
- addConfigName(CONFIG_DURATION);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(CONFIG_START_TIME)) {
- return new Descriptor(IDescriptor.STRING, null,
- "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
- } else if (name.equals(CONFIG_DURATION)) {
- return new Descriptor(IDescriptor.STRING, null,
- "365",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
- } else {
- return null;
- }
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
- } else if (name.equals(CONFIG_DURATION)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_DURATION));
- }
- }
- super.setConfig(name, value);
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_NOT_BEFORE)) {
- return new Descriptor(IDescriptor.STRING, null,
- "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
- } else if (name.equals(VAL_NOT_AFTER)) {
- return new Descriptor(IDescriptor.STRING, null,
- "30",
- CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- PrivateKeyUsageExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
- Date date = formatter.parse(value, pos);
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return;
- }
- ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
- Date date = formatter.parse(value, pos);
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return;
- }
- ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(ext.getExtensionId().toString(), ext, info);
- } catch (EProfileException e) {
- CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString());
- } catch (Exception e) {
- CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString());
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- PrivateKeyUsageExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null)
- return "";
-
- return formatter.format(ext.getNotBefore());
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
-
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null)
- return "";
-
- return formatter.format(ext.getNotAfter());
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_START_TIME),
- getConfig(CONFIG_DURATION)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params);
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- PrivateKeyUsageExtension ext = createExtension();
-
- addExtension(ext.getExtensionId().toString(), ext, info);
- }
-
- public PrivateKeyUsageExtension createExtension() {
- PrivateKeyUsageExtension ext = null;
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- // always + 60 seconds
- String startTimeStr = getConfig(CONFIG_START_TIME);
-
- if (startTimeStr == null || startTimeStr.equals("")) {
- startTimeStr = "60";
- }
- int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() +
- (1000 * startTime));
- long notAfterVal = 0;
-
- notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION)));
- Date notAfter = new Date(notAfterVal);
-
- ext = new PrivateKeyUsageExtension(notBefore, notAfter);
- ext.setCritical(critical);
- } catch (Exception e) {
- CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
- e.toString());
- }
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
deleted file mode 100644
index 11da93fc8..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ /dev/null
@@ -1,183 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a signing algorithm
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SigningAlgDefault extends EnrollDefault {
-
- public static final String CONFIG_ALGORITHM = "signingAlg";
-
- public static final String VAL_ALGORITHM = "signingAlg";
- public static final String DEF_CONFIG_ALGORITHMS =
- "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
-
- public SigningAlgDefault() {
- super();
- addConfigName(CONFIG_ALGORITHM);
- addValueName(VAL_ALGORITHM);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_ALGORITHM)) {
- return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS,
- "SHA256withRSA",
- CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
- } else {
- return null;
- }
- }
-
- public String getSigningAlg() {
- String signingAlg = getConfig(CONFIG_ALGORITHM);
- // if specified, use the specified one.
Otherwise, pick
- // the best selection for the user
- if (signingAlg == null || signingAlg.equals("") ||
- signingAlg.equals("-")) {
- // best pick for the user
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- return ca.getDefaultAlgorithm();
- } else {
- return signingAlg;
- }
- }
-
- public String getDefSigningAlgorithms() {
- StringBuffer allowed = new StringBuffer();
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- String algos[] = ca.getCASigningAlgorithms();
- for (int i = 0; i < algos.length; i++) {
- if (allowed.length() == 0) {
- allowed.append(algos[i]);
- } else {
- allowed.append(",");
- allowed.append(algos[i]);
- }
- }
- return allowed.toString();
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_ALGORITHM)) {
- String allowed = getDefSigningAlgorithms();
- return new Descriptor(IDescriptor.CHOICE,
- allowed, null,
- CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
- }
- return null;
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_ALGORITHM)) {
- try {
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId(value)));
- } catch (Exception e) {
- CMS.debug("SigningAlgDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
-
- if (name == null)
- throw new EPropertyException("Invalid name " + name);
-
- if (name.equals(VAL_ALGORITHM)) {
- CertificateAlgorithmId
algId = null;
-
- try {
- algId = (CertificateAlgorithmId)
- info.get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId id = (AlgorithmId)
- algId.get(CertificateAlgorithmId.ALGORITHM);
-
- return id.toString();
- } catch (Exception e) {
- CMS.debug("SigningAlgDefault: getValue " + e.toString());
- }
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
- getSigningAlg());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- try {
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId(getSigningAlg())));
- } catch (Exception e) {
- CMS.debug("SigningAlgDefault: populate " + e.toString());
- }
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
deleted file mode 100644
index d3838577e..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ /dev/null
@@ -1,542 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.UUID;
-
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject alternative name extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectAltNameExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "subjAltNameExtCritical";
- public static final String CONFIG_NUM_GNS = "subjAltNameNumGNs";
- public static final String CONFIG_GN_ENABLE = "subjAltExtGNEnable_";
- public static final String CONFIG_TYPE = "subjAltExtType_";
- public static final String CONFIG_PATTERN = "subjAltExtPattern_";
- public static final String CONFIG_SOURCE = "subjAltExtSource_";
- public static final String CONFIG_SOURCE_UUID4 = "UUID4";
-
- public static final String CONFIG_OLD_TYPE = "subjAltExtType";
- public static final String CONFIG_OLD_PATTERN = "subjAltExtPattern";
-
- public static final String VAL_CRITICAL = "subjAltNameExtCritical";
- public static final String VAL_GENERAL_NAMES = "subjAltNames";
-
- private static final String GN_ENABLE = "Enable";
- private static final String GN_TYPE = "Pattern Type";
- private static final String GN_PATTERN = "Pattern";
-
- private static final int DEF_NUM_GN = 1;
- private static final int MAX_NUM_GN = 100;
-
- public SubjectAltNameExtDefault() {
- super();
- }
-
- protected int getNumGNs() {
- int num = DEF_NUM_GN;
- String numGNs = getConfig(CONFIG_NUM_GNS);
-
- if (numGNs != null) {
- try {
- num = Integer.parseInt(numGNs);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
-
- if (num >= MAX_NUM_GN)
- num = DEF_NUM_GN;
- return num;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
-
- super.init(profile, config);
- refreshConfigAndValueNames();
- // migrate old parameters to new parameters
- String old_type = null;
- String old_pattern = null;
- IConfigStore paramConfig = config.getSubStore("params");
- try {
- if (paramConfig != null) {
- old_type = paramConfig.getString(CONFIG_OLD_TYPE);
- }
- } catch (EBaseException e) {
- // nothing to do here
- }
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
- old_type);
- try
{
- if (paramConfig != null) {
- old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
- }
- } catch (EBaseException e) {
- // nothing to do here
- }
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
- old_pattern);
- if (old_type != null && old_pattern != null) {
- CMS.debug("SubjectAltNameExtDefault: Upgrading");
- try {
- paramConfig.putString(CONFIG_NUM_GNS, "1");
- paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
- paramConfig.putString(CONFIG_TYPE + "0", old_type);
- paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
- paramConfig.remove(CONFIG_OLD_TYPE);
- paramConfig.remove(CONFIG_OLD_PATTERN);
- profile.getConfigStore().commit(true);
- } catch (Exception e) {
- CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
- }
- }
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(CONFIG_NUM_GNS)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_GN || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void refreshConfigAndValueNames() {
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_GENERAL_NAMES);
-
- addConfigName(CONFIG_CRITICAL);
- int num = getNumGNs();
- addConfigName(CONFIG_NUM_GNS);
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_TYPE + i);
- addConfigName(CONFIG_PATTERN + i);
- addConfigName(CONFIG_GN_ENABLE + i);
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale,
"CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE,
- "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
- "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
- } else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
- } else if (name.startsWith(CONFIG_GN_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_GNS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS"));
- }
-
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- SubjectAlternativeNameExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- boolean critical =
Boolean.valueOf(value).booleanValue();
-
- ext.setCritical(critical);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- if (value.equals("")) {
- // if value is empty, do not add this extension
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- return;
- }
- GeneralNames gn = new GeneralNames();
- StringTokenizer st = new StringTokenizer(value, "\r\n");
-
- while (st.hasMoreTokens()) {
- String gname = (String) st.nextToken();
- CMS.debug("SubjectAltNameExtDefault: setValue GN:" + gname);
-
- if (!isGeneralNameValid(gname)) {
- continue;
- }
- GeneralNameInterface n = parseGeneralName(gname);
- if (n != null) {
- gn.addElement(n);
- }
- }
- if (gn.size() == 0) {
- CMS.debug("GN size is zero");
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- return;
- } else {
- CMS.debug("GN size is non zero (" + gn.size() + ")");
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- replaceExtension(
- PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (EProfileException e) {
- CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
-
SubjectAlternativeNameExtension ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if (ext == null) {
- return null;
- }
-
- GeneralNames names = (GeneralNames)
- ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
- StringBuffer sb = new StringBuffer();
- Enumeration<GeneralNameInterface> e = names.elements();
-
- while (e.hasMoreElements()) {
- GeneralNameInterface gn = e.nextElement();
-
- if (!sb.toString().equals("")) {
- sb.append("\r\n");
- }
- sb.append(toGeneralNameString(gn));
- CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn));
- }
- return sb.toString();
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: getValue " +
- e.toString());
- }
- return null;
- }
-
- /*
- * returns text that goes into description for this extension on
- * a profile
- */
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- int num = getNumGNs();
-
- for (int i = 0; i < num; i++) {
- sb.append("Record #");
- sb.append(i);
- sb.append("{");
- sb.append(GN_PATTERN + ":");
- sb.append(getConfig(CONFIG_PATTERN + i));
- sb.append(",");
- sb.append(GN_TYPE + ":");
- sb.append(getConfig(CONFIG_TYPE + i));
-
sb.append(",");
- sb.append(GN_ENABLE + ":");
- sb.append(getConfig(CONFIG_GN_ENABLE + i));
- sb.append("}");
- }
- ;
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL),
- sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- SubjectAlternativeNameExtension ext = null;
-
- try {
- /* read from config file*/
- ext = createExtension(request);
-
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
- }
- if (ext != null) {
- addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
- } else {
- CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out");
- }
- }
-
- public SubjectAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- SubjectAlternativeNameExtension ext = null;
- int num = getNumGNs();
-
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
-
- GeneralNames gn = new GeneralNames();
- int count = 0; // # of actual gnames
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_GN_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
-
- String pattern = getConfig(CONFIG_PATTERN + i);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- if (!pattern.equals("")) {
- String gname = "";
-
- // cfu - see if this is server-generated (e.g.
UUID4)
- // to use this feature, use $server.source$ in pattern
- String source = getConfig(CONFIG_SOURCE + i);
- String type = getConfig(CONFIG_TYPE + i);
- if ((source != null) && (!source.equals(""))) {
- if (type.equalsIgnoreCase("OtherName")) {
- CMS.debug("SubjectAlternativeNameExtension: using " +
- source + " as gn");
- if (source.equals(CONFIG_SOURCE_UUID4)) {
- UUID randUUID = UUID.randomUUID();
- // call the mapPattern that does server-side gen
- // request is not used, but needed for the substitute
- // function
- gname = mapPattern(randUUID.toString(), request, pattern);
- } else { //expand more server-gen types here
- CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "
- + source + ". Supported: UUID4");
- continue;
- }
- } else {
- CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
- continue;
- }
- } else {
- if (request != null) {
- gname = mapPattern(request, pattern);
- }
- }
-
- if (gname.equals("")) {
- CMS.debug("gname is empty, not added");
- continue;
- }
- CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
-
- GeneralNameInterface n = parseGeneralName(type + ":" + gname);
-
- CMS.debug("adding gname: " + gname);
- if (n != null) {
- CMS.debug("SubjectAlternativeNameExtension: n not null");
- gn.addElement(n);
- count++;
- } else {
- CMS.debug("SubjectAlternativeNameExtension: n null");
- }
- }
- }
- } //for
-
- if (count != 0) {
- try {
- ext = new SubjectAlternativeNameExtension();
- } catch (Exception e) {
- CMS.debug(e.toString());
- throw new IOException(e.toString());
- }
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- ext.setCritical(critical);
- } else {
- CMS.debug("count is 0");
- }
- return ext;
- }
-
- public String mapPattern(IRequest request, String pattern)
- throws IOException {
- Pattern p = new Pattern(pattern);
- IAttrSet attrSet = null;
- if (request != null) {
- attrSet =
request.asIAttrSet();
- }
- return p.substitute("request", attrSet);
- }
-
- // for server-side generated values
- public String mapPattern(String val, IRequest request, String pattern)
- throws IOException {
- Pattern p = new Pattern(pattern);
- IAttrSet attrSet = null;
- if (request != null) {
- attrSet = request.asIAttrSet();
- }
- try {
- attrSet.set("source", val);
- } catch (Exception e) {
- CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
- }
-
- return p.substitute("server", attrSet);
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
deleted file mode 100644
index cca5ab234..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ /dev/null
@@ -1,527 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVAValueConverter;
-import netscape.security.x509.Attribute;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectDirAttributesExtension;
-import netscape.security.x509.X500NameAttrMap;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject directory attributes extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "subjDirAttrsCritical";
- public static final String CONFIG_NUM_ATTRS = "subjDirAttrsNum";
- public static final String CONFIG_ATTR_NAME = "subjDirAttrName_";
- public static final String CONFIG_PATTERN = "subjDirAttrPattern_";
- public static final String CONFIG_ENABLE = "subjDirAttrEnable_";
-
- public static final String VAL_CRITICAL = "subjDirAttrCritical";
- public static final String VAL_ATTR = "subjDirAttrValue";
-
- private static final int DEF_NUM_ATTRS = 1;
- private static final int MAX_NUM_ATTRS = 100;
- private static final String ENABLE = "Enable";
- private static final String ATTR_NAME = "Attribute Name";
- private static final String ATTR_VALUE = "Attribute Value";
-
- public SubjectDirAttributesExtDefault() {
- super();
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- refreshConfigAndValueNames();
- }
-
- protected int getNumAttrs() {
- int num = DEF_NUM_ATTRS;
- String val = getConfig(CONFIG_NUM_ATTRS);
-
- if (val != null) {
- try {
- num = Integer.parseInt(val);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
-
- if (num >= MAX_NUM_ATTRS)
- num = DEF_NUM_ATTRS;
-
- return num;
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(DEF_NUM_ATTRS)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_ATTRS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void
refreshConfigAndValueNames() {
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_ATTR);
-
- addConfigName(CONFIG_CRITICAL);
- int num = getNumAttrs();
- addConfigName(CONFIG_NUM_ATTRS);
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_ATTR_NAME + i);
- addConfigName(CONFIG_PATTERN + i);
- addConfigName(CONFIG_ENABLE + i);
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
- } else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
- } else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
- } else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_ATTRS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
- }
-
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_ATTR)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
-
SubjectDirAttributesExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else if (name.equals(VAL_ATTR)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if (ext == null) {
- return;
- }
- Vector<NameValuePairs> v = parseRecords(value);
- int size = v.size();
-
- boolean critical = ext.isCritical();
-
- Vector<Attribute> attrV = new Vector<Attribute>();
- for (int i = 0; i < size; i++) {
- NameValuePairs nvps = v.elementAt(i);
- String attrName = null;
- String attrValue = null;
- String enable = "false";
-
- for (String name1 : nvps.keySet()) {
-
- if (name1.equals(ATTR_NAME)) {
- attrName = nvps.get(name1);
- } else if (name1.equals(ATTR_VALUE)) {
- attrValue = nvps.get(name1);
- } else if (name1.equals(ENABLE)) {
- enable = nvps.get(name1);
- }
- }
-
- if (enable.equals("true")) {
- AttributeConfig attributeConfig =
- new AttributeConfig(attrName, attrValue);
- Attribute attr = attributeConfig.mAttribute;
- if (attr != null)
- attrV.addElement(attr);
- }
- }
-
- if (attrV.size() > 0) {
- Attribute[] attrList = new Attribute[attrV.size()];
- attrV.copyInto(attrList);
- ext = new SubjectDirAttributesExtension(attrList, critical);
- } else
- return;
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
- } catch (EProfileException e) {
-
CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (IOException e) {
- CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- SubjectDirAttributesExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_ATTR)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if (ext == null)
- return "";
-
- X500NameAttrMap map = X500NameAttrMap.getDefault();
-
- Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
- int num = getNumAttrs();
- Enumeration<Attribute> e = ext.getAttributesList();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e);
- int i = 0;
-
- while (e.hasMoreElements()) {
- NameValuePairs pairs = new NameValuePairs();
- pairs.put(ENABLE, "true");
- Attribute attr = e.nextElement();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr);
- ObjectIdentifier oid = attr.getOid();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid);
-
- String vv = map.getName(oid);
-
- if (vv != null)
- pairs.put(ATTR_NAME, vv);
- else
- pairs.put(ATTR_NAME, oid.toString());
-
Enumeration<String> v = attr.getValues(); - - // just support single value for now - StringBuffer ss = new StringBuffer(); - while (v.hasMoreElements()) { - if (ss.length() == 0) - ss.append((String) (v.nextElement())); - else { - ss.append(","); - ss.append((String) (v.nextElement())); - } - } - - pairs.put(ATTR_VALUE, ss.toString()); - recs.addElement(pairs); - i++; - } - - for (; i < num; i++) { - NameValuePairs pairs = new NameValuePairs(); - pairs.put(ENABLE, "false"); - pairs.put(ATTR_NAME, "GENERATIONQUALIFIER"); - pairs.put(ATTR_VALUE, ""); - recs.addElement(pairs); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumAttrs(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(ATTR_NAME + ":"); - sb.append(getConfig(CONFIG_ATTR_NAME + i)); - sb.append(","); - sb.append(ATTR_VALUE + ":"); - sb.append(getConfig(CONFIG_PATTERN + i)); - sb.append(","); - sb.append(ENABLE + ":"); - sb.append(getConfig(CONFIG_ENABLE + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); - } - - /** - * Populates the request with this policy default. 
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- SubjectDirAttributesExtension ext = createExtension(request);
-
- if (ext == null)
- return;
-
- addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
- }
-
- public SubjectDirAttributesExtension createExtension(IRequest request)
- throws EProfileException {
- SubjectDirAttributesExtension ext = null;
- int num = 0;
-
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- num = getNumAttrs();
-
- AttributeConfig attributeConfig = null;
- Vector<Attribute> attrs = new Vector<Attribute>();
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- String attrName = getConfig(CONFIG_ATTR_NAME + i);
- String pattern = getConfig(CONFIG_PATTERN + i);
- if (pattern == null || pattern.equals(""))
- pattern = " ";
-
- //check pattern syntax
- int startpos = pattern.indexOf("$");
- int lastpos = pattern.lastIndexOf("$");
- String attrValue = pattern;
- if (!pattern.equals("") && startpos != -1 &&
- startpos == 0 && lastpos != -1 &&
- lastpos == (pattern.length() - 1)) {
- if (request != null) {
- try {
- attrValue = mapPattern(request, pattern);
- } catch (IOException e) {
- throw new EProfileException(e.toString());
- }
- }
- }
- try {
- attributeConfig = new AttributeConfig(attrName, attrValue);
- } catch (EPropertyException e) {
- throw new EProfileException(e.toString());
- }
- Attribute attr = attributeConfig.mAttribute;
- if (attr != null) {
- attrs.addElement(attr);
- }
- }
- }
-
- if (attrs.size() > 0) {
- Attribute[] attrList = new Attribute[attrs.size()];
- attrs.copyInto(attrList);
- try {
- ext =
- new SubjectDirAttributesExtension(attrList, critical);
- } catch (IOException e) {
- throw new EProfileException(e.toString());
- }
- }
-
- return ext;
- }
-}
-
-class AttributeConfig {
-
- protected ObjectIdentifier mAttributeOID = null;
- protected Attribute mAttribute = null;
-
- public AttributeConfig(String attrName, String attrValue)
- throws EPropertyException {
- X500NameAttrMap map = X500NameAttrMap.getDefault();
-
- if (attrName == null || attrName.length() == 0) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
- }
-
- if (attrValue == null || attrValue.length() == 0) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
- }
-
- try {
- mAttributeOID = new ObjectIdentifier(attrName);
- } catch (Exception e) {
- CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName);
- }
-
- if (mAttributeOID == null) {
- mAttributeOID = map.getOid(attrName);
- if (mAttributeOID == null)
- throw new EPropertyException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
- try {
- checkValue(mAttributeOID, attrValue);
- } catch (IOException e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
- }
- }
-
- try {
- mAttribute = new Attribute(mAttributeOID,
- str2MultiValues(attrValue));
- } catch (IOException e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
- }
- }
-
- private static void checkValue(ObjectIdentifier oid, String val)
- throws IOException {
- AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
-
- @SuppressWarnings("unused")
- DerValue derval = c.getValue(val); // check for errors
- return;
- }
-
- private Vector<String> str2MultiValues(String attrValue) {
- StringTokenizer tokenizer = new StringTokenizer(attrValue, ",");
- Vector<String> v = new Vector<String>();
- while (tokenizer.hasMoreTokens()) {
- v.addElement(tokenizer.nextToken());
- }
-
- return v;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
deleted file mode 100644
index 8ea7533cc..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ /dev/null
@@ -1,448 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.AccessDescription;
-import netscape.security.extensions.SubjectInfoAccessExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Subject Info Access extension.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "subjInfoAccessCritical";
- public static final String CONFIG_NUM_ADS = "subjInfoAccessNumADs";
- public static final String CONFIG_AD_ENABLE = "subjInfoAccessADEnable_";
- public static final String CONFIG_AD_METHOD = "subjInfoAccessADMethod_";
- public static final String CONFIG_AD_LOCATIONTYPE = "subjInfoAccessADLocationType_";
- public static final String CONFIG_AD_LOCATION = "subjInfoAccessADLocation_";
-
- public static final String VAL_CRITICAL = "subjInfoAccessCritical";
- public static final String VAL_GENERAL_NAMES = "subjInfoAccessGeneralNames";
-
- private static final String AD_METHOD = "Method";
- private static final String AD_LOCATION_TYPE = "Location Type";
- private static final String AD_LOCATION = "Location";
- private static final String AD_ENABLE = "Enable";
-
- private static final int DEF_NUM_AD = 1;
- private static final int MAX_NUM_AD = 100;
-
- public SubjectInfoAccessExtDefault() {
- super();
- }
-
- protected int getNumAds() {
- int num = DEF_NUM_AD;
- String numAds = getConfig(CONFIG_NUM_ADS);
-
- if (numAds != null) {
- try {
- num = Integer.parseInt(numAds);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
- if (num >= MAX_NUM_AD)
- num = DEF_NUM_AD;
-
- return num;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- refreshConfigAndValueNames();
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(CONFIG_NUM_ADS)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_AD || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void refreshConfigAndValueNames() {
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_GENERAL_NAMES);
-
- // register configuration names bases on num ads
- addConfigName(CONFIG_CRITICAL);
- int num = getNumAds();
- addConfigName(CONFIG_NUM_ADS);
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_AD_METHOD + i);
- addConfigName(CONFIG_AD_LOCATIONTYPE + i);
- addConfigName(CONFIG_AD_LOCATION + i);
- addConfigName(CONFIG_AD_ENABLE + i);
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_AD_METHOD)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
- } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
- return new Descriptor(IDescriptor.CHOICE,
- "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
- "URIName",
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
- } else if (name.startsWith(CONFIG_AD_LOCATION)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
- } else if (name.startsWith(CONFIG_AD_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_ADS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
- }
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- SubjectInfoAccessExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
- if (ext == null) {
- return;
- }
- ext.setCritical(val);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return;
- }
- boolean critical = ext.isCritical();
-
- Vector<NameValuePairs> v = parseRecords(value);
- int size = v.size();
-
- ext = new SubjectInfoAccessExtension(critical);
- String method = null;
- String locationType = null;
- String location = null;
- String enable = null;
-
- for (int i = 0; i < size; i++) {
- NameValuePairs nvps = v.elementAt(i);
-
- for (String name1 : nvps.keySet()) {
-
- if (name1.equals(AD_METHOD)) {
- method = nvps.get(name1);
- } else if (name1.equals(AD_LOCATION_TYPE)) {
- locationType = nvps.get(name1);
- } else if (name1.equals(AD_LOCATION)) {
- location = nvps.get(name1);
- } else if (name1.equals(AD_ENABLE)) {
- enable = nvps.get(name1);
- }
- }
-
- if (enable != null && enable.equals("true")) {
- GeneralName gn = null;
-
- if (locationType != null || location != null) {
- GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
- if (interface1 == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", locationType));
- gn = new GeneralName(interface1);
- }
-
- if (method != null) {
- try {
- ext.addAccessDescription(new ObjectIdentifier(method), gn);
- } catch (NumberFormatException ee) {
- CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_DEF_SIA_OID", method));
- }
- }
- }
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- replaceExtension(ext.getExtensionId().toString(), ext, info);
- } catch (IOException e) {
- CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (EProfileException e) {
- CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- SubjectInfoAccessExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
- if (name.equals(VAL_CRITICAL)) {
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_GENERAL_NAMES)) {
-
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
-
- if (ext == null)
- return "";
-
- int num = getNumAds();
-
- CMS.debug("SubjectInfoAccess num=" + num);
- Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
- for (int i = 0; i < num; i++) {
- NameValuePairs np = new NameValuePairs();
- AccessDescription des = null;
-
- if (i < ext.numberOfAccessDescription()) {
- des = ext.getAccessDescription(i);
- }
- if (des == null) {
- np.put(AD_METHOD, "");
- np.put(AD_LOCATION_TYPE, "");
- np.put(AD_LOCATION, "");
- np.put(AD_ENABLE, "false");
- } else {
- ObjectIdentifier methodOid = des.getMethod();
- GeneralName gn = des.getLocation();
-
- np.put(AD_METHOD, methodOid.toString());
- np.put(AD_LOCATION_TYPE, getGeneralNameType(gn));
- np.put(AD_LOCATION, getGeneralNameValue(gn));
- np.put(AD_ENABLE, "true");
- }
- recs.addElement(np);
- }
-
- return buildRecords(recs);
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- StringBuffer ads = new StringBuffer();
- int num = getNumAds();
-
- for (int i = 0; i < num; i++) {
- ads.append("Record #");
- ads.append(i);
- ads.append("{");
- ads.append(AD_METHOD + ":");
- ads.append(getConfig(CONFIG_AD_METHOD + i));
- ads.append(",");
- ads.append(AD_LOCATION_TYPE + ":");
- ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i));
- ads.append(",");
- ads.append(AD_LOCATION + ":");
- ads.append(getConfig(CONFIG_AD_LOCATION + i));
- ads.append(",");
- ads.append(AD_ENABLE + ":");
- ads.append(getConfig(CONFIG_AD_ENABLE + i));
- ads.append("}");
- }
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
- getConfig(CONFIG_CRITICAL), ads.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- SubjectInfoAccessExtension ext = createExtension();
-
- addExtension(ext.getExtensionId().toString(), ext, info);
- }
-
- public SubjectInfoAccessExtension createExtension() {
- SubjectInfoAccessExtension ext = null;
- int num = getNumAds();
-
- try {
- boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
- ext = new SubjectInfoAccessExtension(critical);
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_AD_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- CMS.debug("SubjectInfoAccess: createExtension i=" + i);
- String method = getConfig(CONFIG_AD_METHOD + i);
- String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i);
- if (locationType == null || locationType.length() == 0)
- locationType = "URIName";
- String location = getConfig(CONFIG_AD_LOCATION + i);
-
- if (location == null || location.equals("")) {
- if (method.equals("1.3.6.1.5.5.7.48.1")) {
- String hostname = CMS.getEENonSSLHost();
- String port = CMS.getEENonSSLPort();
- if (hostname != null && port != null)
- location = "http://" + hostname + ":" + port + "/ocsp";
- }
- }
-
- String s = locationType + ":" + location;
- GeneralNameInterface gn = parseGeneralName(s);
- if (gn != null) {
- ext.addAccessDescription(new ObjectIdentifier(method),
- new GeneralName(gn));
- }
- }
- }
- } catch (Exception e) {
- CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
- e.toString());
- }
-
- return ext;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
deleted file mode 100644
index 9476e45f6..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject key identifier extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "critical";
-
- public static final String VAL_CRITICAL = "critical";
- public static final String VAL_KEY_ID = "keyid";
-
- public SubjectKeyIdentifierExtDefault() {
- super();
- addValueName(VAL_CRITICAL);
- addValueName(VAL_KEY_ID);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_KEY_ID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_CRITICAL)) {
- // read-only; do nothing
- } else if (name.equals(VAL_KEY_ID)) {
- // read-only; do nothing
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- SubjectKeyIdentifierExtension ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_KEY_ID)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
-
- if (ext == null) {
- return null;
- }
- KeyIdentifier kid = null;
-
- try {
- kid = (KeyIdentifier)
- ext.get(SubjectKeyIdentifierExtension.KEY_ID);
- } catch (IOException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " +
- "kid is null!");
- throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_INVALID_PROPERTY",
- name));
- }
- return toHexString(kid.getIdentifier());
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_KEY_ID_EXT");
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- SubjectKeyIdentifierExtension ext = createExtension(info);
-
- addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
- }
-
- public SubjectKeyIdentifierExtension createExtension(X509CertInfo info) {
- KeyIdentifier kid = getKeyIdentifier(info);
-
- if (kid == null) {
- CMS.debug("SubjectKeyIdentifierExtDefault: KeyIdentifier not found");
- return null;
- }
- SubjectKeyIdentifierExtension ext = null;
-
- boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
-
- try {
- ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
- } catch (IOException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
- e.toString());
- //
- }
- return ext;
- }
-
- public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
- try {
- CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
- X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
- MessageDigest md = MessageDigest.getInstance("SHA-1");
-
- md.update(key.getKey());
- byte[] hash = md.digest();
-
- return new KeyIdentifier(hash);
- } catch (NoSuchAlgorithmException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
- } catch (Exception e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
- }
- return null;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
deleted file mode 100644
index 479219b84..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ /dev/null
@@ -1,184 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectNameDefault extends EnrollDefault {
-
- public static final String CONFIG_NAME = "name";
-
- public static final String VAL_NAME = "name";
-
- public SubjectNameDefault() {
- super();
- addValueName(VAL_NAME);
- addConfigName(CONFIG_NAME);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null, "CN=TEST", CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING, null, null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_NAME)) {
- X500Name x500name = null;
-
- try {
- x500name = new X500Name(value);
- if (x500name != null) {
- CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString());
- }
- } catch (IOException e) {
- CMS.debug("SubjectNameDefault: setValue " + e.toString());
- // failed to build x500 name
- }
- CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
- try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
- } catch (Exception e) {
- // failed to insert subject name
- CMS.debug("SubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_NAME)) {
- CertificateSubjectName sn = null;
-
- try {
- CMS.debug("SubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
- CMS.debug("SubjectNameDefault: getValue name=" + sn);
- return sn.toString();
- } catch (Exception e) {
- // nothing
- CMS.debug("SubjectNameDefault: getValue " + e.toString());
-
- }
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
- getConfig(CONFIG_NAME));
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- X500Name name = null;
-
- String subjectName = null;
-
- try {
- subjectName = mapPattern(request, getConfig(CONFIG_NAME));
- } catch (IOException e) {
- CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
- }
-
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
- try {
- name = new X500Name(subjectName);
- } catch (IOException e) {
- // failed to build x500 name
- CMS.debug("SubjectNameDefault: populate " + e.toString());
- }
- if (name == null) {
- // failed to build x500 name
- }
- try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
- } catch (Exception e) {
- // failed to insert subject name
- CMS.debug("SubjectNameDefault: populate " + e.toString());
- }
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
deleted file mode 100644
index 46a78c731..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ /dev/null
@@ -1,136 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied extension
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class UserExtensionDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "userExtCritical"; - public static final String CONFIG_OID = "userExtOID"; - - public static final String VAL_CRITICAL = "userExtCritical"; - public static final String VAL_OID = "userExtOID"; - - public UserExtensionDefault() { - super(); - addValueName(VAL_OID); - addConfigName(CONFIG_OID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_OID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // Nothing to do for read-only values - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_OID)) { - Extension ext = getExtension(getConfig(CONFIG_OID), info); - - if (ext == null) { - // do something here - return ""; - } - return ext.getExtensionId().toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID)); - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateExtensions inExts = null; - String oid = getConfig(CONFIG_OID); - - inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); - if (inExts == null) - return; - Extension ext = getExtension(getConfig(CONFIG_OID), inExts); - if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); - return; - } - - // user supplied the ext that's allowed, replace the def set by system - deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); - addExtension(oid, ext, info); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java deleted file mode 100644 index b1dc9d116..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ /dev/null 
@@ -1,233 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.util.Locale;
-
-import netscape.security.provider.DSAPublicKey;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user supplied key
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class UserKeyDefault extends EnrollDefault { - - public static final String VAL_KEY = "KEY"; - public static final String VAL_LEN = "LEN"; - public static final String VAL_TYPE = "TYPE"; - - public UserKeyDefault() { - super(); - addValueName(VAL_TYPE); - addValueName(VAL_LEN); - addValueName(VAL_KEY); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); - } else if (name.equals(VAL_LEN)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); - } else if (name.equals(VAL_TYPE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_KEY)) { - CertificateX509Key ck = null; - - try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - return toHexString(k.getKey()); - } else if (name.equals(VAL_LEN)) { - CertificateX509Key ck = null; - - try { - ck = 
(CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - try { - if (k.getAlgorithm().equals("RSA")) { - return Integer.toString(getRSAKeyLen(k)); - } else { - return Integer.toString(getDSAKeyLen(k)); - } - } catch (Exception e) { - CMS.debug("UserKeyDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_TYPE)) { - CertificateX509Key ck = null; - - try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - return k.getAlgorithm() + " - " + - k.getAlgorithmId().getOID().toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_KEY"); - } - - public int getRSAKeyLen(X509Key key) throws Exception { - X509Key newkey = null; - - try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); - } catch (Exception e) { - CMS.debug("UserKeyDefault: getRSAKey " + e.toString()); - throw e; - } - RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); - - return rsaKey.getKeySize(); - } - - public int getDSAKeyLen(X509Key key) throws Exception { - // Check DSAKey parameters. - // size refers to the p parameter. 
- DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded()); - DSAParams keyParams = dsaKey.getParams(); - BigInteger p = keyParams.getP(); - int len = p.bitLength(); - - return len; - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateX509Key certKey = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); - if (certKeyData != null) { - certKey = new CertificateX509Key( - new ByteArrayInputStream(certKeyData)); - } - info.set(X509CertInfo.KEY, certKey); - } catch (Exception e) { - CMS.debug("UserKeyDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java deleted file mode 100644 index 4aeed6ba3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ /dev/null 
@@ -1,126 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.util.Locale;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied signing algorithm
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class UserSigningAlgDefault extends EnrollDefault { - - public static final String VAL_ALG_ID = "userSigningAlgID"; - - public UserSigningAlgDefault() { - super(); - addValueName(VAL_ALG_ID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_ALG_ID)) { - CertificateAlgorithmId algID = null; - - try { - algID = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algID.get(CertificateAlgorithmId.ALGORITHM); - - return id.toString(); - } catch (Exception e) { - CMS.debug("UserSigningAlgDefault: setValue " + e.toString()); - return ""; //XXX - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateAlgorithmId certAlg = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certAlgData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_SIGNING_ALGORITHM); - if (certAlgData != null) { - certAlg = new CertificateAlgorithmId( - new ByteArrayInputStream(certAlgData)); - } - info.set(X509CertInfo.ALGORITHM_ID, certAlg); - } catch (Exception e) { - CMS.debug("UserSigningAlgDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java deleted file mode 100644 index 65456e256..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ /dev/null 
@@ -1,143 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied subject name
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class UserSubjectNameDefault extends EnrollDefault { - - public static final String VAL_NAME = "name"; - - public UserSubjectNameDefault() { - super(); - addValueName(VAL_NAME); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug(e.toString()); - // failed to build x500 name - } - CMS.debug("SubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - return sn.toString(); - } catch (Exception e) { - // nothing - } - throw new 
EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SUBJECT_NAME"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - // authenticate the subject name and populate it - // to the certinfo - try { - info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName( - IEnrollProfile.REQUEST_SUBJECT_NAME)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("UserSubjectNameDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java deleted file mode 100644 index 3fadb81fd..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ /dev/null 
@@ -1,149 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied validity
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class UserValidityDefault extends EnrollDefault { - - public static final String VAL_NOT_BEFORE = "userValdityNotBefore"; - public static final String VAL_NOT_AFTER = "userValdityNotAfter"; - - public UserValidityDefault() { - super(); - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NOT_BEFORE)) { - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notBefore = (Date) - validity.get(CertificateValidity.NOT_BEFORE); - - return notBefore.toString(); - } catch (Exception e) { - CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - try { - CertificateValidity validity = null; - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notAfter = (Date) - validity.get(CertificateValidity.NOT_AFTER); - - return 
notAfter.toString(); - } catch (Exception e) { - CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_VALIDITY"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateValidity certValidity = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certValidityData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_VALIDITY); - if (certValidityData != null) { - certValidity = new CertificateValidity(); - certValidity.decode( - new ByteArrayInputStream(certValidityData)); - } - info.set(X509CertInfo.VALIDITY, certValidity); - } catch (Exception e) { - CMS.debug("UserValidityDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java deleted file mode 100644 index ad06400f3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ /dev/null 
@@ -1,263 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class ValidityDefault extends EnrollDefault { - public static final String CONFIG_RANGE = "range"; - public static final String CONFIG_START_TIME = "startTime"; - - public static final String VAL_NOT_BEFORE = "notBefore"; - public static final String VAL_NOT_AFTER = "notAfter"; - - public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; - - private long mDefault = 86400000; // 1 days - - public ValidityDefault() { - super(); - addConfigName(CONFIG_RANGE); - addConfigName(CONFIG_START_TIME); - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); - } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - 
return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); - } catch (Exception e) { - CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, - date); - } catch (Exception e) { - CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - - if (name.equals(VAL_NOT_BEFORE)) { - 
SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); - } catch (Exception e) { - CMS.debug("ValidityDefault: getValue " + e.toString()); - } - throw new EPropertyException("Invalid valie"); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); - } catch (Exception e) { - CMS.debug("ValidityDefault: getValue " + e.toString()); - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", - getConfig(CONFIG_RANGE)); - } - - /** - * Populates the request with this policy default. 
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - // always + 60 seconds - String startTimeStr = getConfig(CONFIG_START_TIME); - try { - startTimeStr = mapPattern(request, startTimeStr); - } catch (IOException e) { - CMS.debug("ValidityDefault: populate " + e.toString()); - } - - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); - long notAfterVal = 0; - - try { - String rangeStr = getConfig(CONFIG_RANGE); - rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); - } catch (Exception e) { - // configured value is not correct - CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); - - try { - info.set(X509CertInfo.VALIDITY, validity); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java deleted file mode 100644 index 6b5ab6bc0..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ /dev/null 
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class nsHKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - - public static final String VAL_NAME = "name"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; - - protected IConfigStore mParamsConfig; - - public nsHKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - - addValueName(CONFIG_DNPATTERN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - 
CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - /** - * Populates the request with this policy default. 
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- X500Name name = null;
- CMS.debug("nsHKeySubjectNameDefault: in populate");
-
- try {
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
-
- name = new X500Name(subjectName);
- } catch (IOException e) {
- // failed to build x500 name
- CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
- }
- if (name == null) {
- // failed to build x500 name
- }
- try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
- } catch (Exception e) {
- // failed to insert subject name
- CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
- }
- }
-
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
-
- CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
-
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
-
- if (request != null) {
- CMS.debug("pattern = " + pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
-
- return sbjname;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
deleted file mode 100644
index cc1a8de81..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ /dev/null
@@ -1,423 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-//ldap java sdk
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- * - * @version $Revision$, $Date$ - */ -public class nsNKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; - public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; - public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port"; - public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn"; - public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version"; - public static final String CONFIG_LDAP_BASEDN = "ldap.basedn"; - public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns"; - public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns"; - - public static final String VAL_NAME = "name"; - - public static final String CONFIG_LDAP_VERS = - "2,3"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.aoluid$, E=$request.mail$"; - - /* ldap configuration sub-store */ - boolean mInitialized = false; - protected IConfigStore mInstConfig; - protected IConfigStore mLdapConfig; - protected IConfigStore mParamsConfig; - - /* ldap base dn */ - protected String mBaseDN = null; - - /* factory of anonymous ldap connections */ - protected ILdapConnFactory mConnFactory = null; - - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. 
*/ - protected String[] mLdapStringAttrs = null; - - public nsNKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); - addConfigName(CONFIG_LDAP_HOST); - addConfigName(CONFIG_LDAP_PORT); - addConfigName(CONFIG_LDAP_SEC_CONN); - addConfigName(CONFIG_LDAP_VER); - addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); - - addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); - addValueName(CONFIG_LDAP_HOST); - addValueName(CONFIG_LDAP_PORT); - addValueName(CONFIG_LDAP_SEC_CONN); - addValueName(CONFIG_LDAP_VER); - addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { - return new 
Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - 
locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - public void ldapInit() - throws EProfileException { - if (mInitialized == true) - return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs 
!= null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: " + e.toString()); - } - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); - try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - LDAPConnection conn = null; - String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { - conn = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); - 
throw new EProfileException("no LDAP connection"); - } else { - conn = mConnFactory.getConn(); - if (conn == null) { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); - } - - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + - "request is null!"); - throw new EProfileException("request is null"); - } - // retrieve the attributes - // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); - - if (res.hasMoreElements()) { - LDAPEntry entry = res.next(); - - userdn = entry.getDN(); - } else {// put into property file later - cfu - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); - throw new EProfileException("screenname does not exist"); - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " - + request.getExtDataInString("aoluid")); - ; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request - for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - 
entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString()); - throw new EProfileException("getSubjectName() failure: " + e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java deleted file mode 100644 index 77fa417f6..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ /dev/null 
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
-
- public static final String PROP_PARAMS = "params";
- public static final String CONFIG_DNPATTERN = "dnpattern";
-
- public static final String VAL_NAME = "name";
-
- /* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "Token Key Device - $request.tokencuid$";
-
- protected IConfigStore mParamsConfig;
-
- public nsTokenDeviceKeySubjectNameDefault() {
- super();
- addConfigName(CONFIG_DNPATTERN);
-
- addValueName(CONFIG_DNPATTERN);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
- if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
-
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value);
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_NAME)) {
- X500Name x500name = null;
-
- try {
- x500name = new X500Name(value);
- } catch (IOException e) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
- // failed to build x500 name
- }
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
- try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
- } catch (Exception e) {
- // failed to insert subject name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name);
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_NAME)) {
- CertificateSubjectName sn = null;
-
- try {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn);
- return sn.toString();
- } catch (Exception e) {
- // nothing
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-
- }
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getText(Locale locale) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
- getConfig(CONFIG_DNPATTERN));
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- X500Name name = null;
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
-
- try {
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
-
- name = new X500Name(subjectName);
- } catch (IOException e) {
- // failed to build x500 name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
- }
- if (name == null) {
- // failed to build x500 name
- }
- try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
- } catch (Exception e) {
- // failed to insert subject name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
- }
- }
-
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
-
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
-
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
-
- if (request != null) {
- CMS.debug("pattern = " + pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
-
- return sbjname;
- }
-}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
deleted file mode 100644
index 65adabfad..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ /dev/null
@@ -1,456 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-//ldap java sdk
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
-
- public static final String PROP_LDAP = "ldap";
- public static final String PROP_PARAMS = "params";
- public static final String CONFIG_DNPATTERN = "dnpattern";
- public static final String CONFIG_LDAP_ENABLE = "ldap.enable";
- public static final String CONFIG_LDAP_SEARCH_NAME = "ldap.searchName";
- public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
- public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
- public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port";
- public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn";
- public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version";
- public static final String CONFIG_LDAP_BASEDN = "ldap.basedn";
- public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns";
- public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns";
-
- public static final String VAL_NAME = "name";
-
- public static final String CONFIG_LDAP_VERS =
- "2,3";
-
- /* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=$request.uid$, E=$request.mail$";
-
- /* ldap configuration sub-store */
- boolean mldapInitialized = false;
- boolean mldapEnabled = false;
- protected IConfigStore mInstConfig;
- protected IConfigStore mLdapConfig;
- protected IConfigStore mParamsConfig;
-
- /* ldap base dn */
- protected String mBaseDN = null;
-
- /* factory of anonymous ldap connections */
- protected ILdapConnFactory mConnFactory = null;
-
- /* the list of LDAP attributes with string values to retrieve to
- * form the subject dn.
*/
- protected String[] mLdapStringAttrs = null;
-
- public nsTokenUserKeySubjectNameDefault() {
- super();
- addConfigName(CONFIG_DNPATTERN);
- addConfigName(CONFIG_LDAP_ENABLE);
- addConfigName(CONFIG_LDAP_SEARCH_NAME);
- addConfigName(CONFIG_LDAP_STRING_ATTRS);
- addConfigName(CONFIG_LDAP_HOST);
- addConfigName(CONFIG_LDAP_PORT);
- addConfigName(CONFIG_LDAP_SEC_CONN);
- addConfigName(CONFIG_LDAP_VER);
- addConfigName(CONFIG_LDAP_BASEDN);
- addConfigName(CONFIG_LDAP_MIN_CONN);
- addConfigName(CONFIG_LDAP_MAX_CONN);
-
- addValueName(CONFIG_DNPATTERN);
- addValueName(CONFIG_LDAP_ENABLE);
- addValueName(CONFIG_LDAP_SEARCH_NAME);
- addValueName(CONFIG_LDAP_STRING_ATTRS);
- addValueName(CONFIG_LDAP_HOST);
- addValueName(CONFIG_LDAP_PORT);
- addValueName(CONFIG_LDAP_SEC_CONN);
- addValueName(CONFIG_LDAP_VER);
- addValueName(CONFIG_LDAP_BASEDN);
- addValueName(CONFIG_LDAP_MIN_CONN);
- addValueName(CONFIG_LDAP_MAX_CONN);
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- mInstConfig = config;
- super.init(profile, config);
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
- } else if (name.equals(CONFIG_LDAP_ENABLE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
- } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
- } else if (name.equals(CONFIG_LDAP_HOST)) {
- return 
new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
- } else if (name.equals(CONFIG_LDAP_PORT)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
- } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
- return new Descriptor(IDescriptor.BOOLEAN,
- null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
- } else if (name.equals(CONFIG_LDAP_VER)) {
- return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
- "3",
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
- } else if (name.equals(CONFIG_LDAP_BASEDN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
- } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
- } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
- } else {
- return null;
- }
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
- if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
-
- CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value);
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- if (name.equals(VAL_NAME)) {
- X500Name x500name = null;
-
- try {
- x500name = new 
X500Name(value); - } catch (IOException e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - public void ldapInit() - throws EProfileException { - if (mldapInitialized == true) - return; - - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more 
error handling here later
- /* initialize ldap server configuration */
- mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
- mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
- mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
- false);
- if (mldapEnabled == false)
- return;
-
- mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
- mConnFactory = CMS.getLdapAnonConnFactory();
- mConnFactory.init(mLdapConfig);
-
- /* initialize dn pattern */
- String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
- if (pattern == null || pattern.length() == 0)
- pattern = DEFAULT_DNPATTERN;
-
- /* initialize ldap string attribute list */
- String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
- if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
-
- mLdapStringAttrs = new String[pAttrs.countTokens()];
-
- for (int i = 0; i < mLdapStringAttrs.length; i++) {
- mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
- }
- }
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
- mldapInitialized = true;
- } catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString());
- // throw EProfileException...
- throw new EProfileException("ldap init failure: " + e.toString());
- }
- }
-
- /**
- * Populates the request with this policy default.
- */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); - ldapInit(); - try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - String sbjname = ""; - - if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } - return sbjname; - } - - // ldap is initialized, do more substitution - String searchName = getConfig(CONFIG_LDAP_SEARCH_NAME); - if (searchName == null || searchName.equals("")) { - searchName = "uid"; - } - - LDAPConnection conn = null; - String userdn = null; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { - conn = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } else { - conn = mConnFactory.getConn(); - if (conn == null) { - 
CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); - } - // retrieve the attributes - // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false); - - if (res.hasMoreElements()) { - LDAPEntry entry = res.next(); - - userdn = entry.getDN(); - } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); - throw new EProfileException("id does not exist"); - } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " - + searchName + " = " + request.getExtDataInString("uid")); - - LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request - for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " - + mLdapStringAttrs[i] + - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); - } - } - CMS.debug("pattern = " + pattern); - sbjname = 
mapPattern(request, pattern);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
-
- } catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString());
- throw new EProfileException("getSubjectName() failure: " + e.toString());
- } finally {
- try {
- if (conn != null)
- mConnFactory.returnConn(conn);
- } catch (Exception e) {
- throw new EProfileException(
- "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
- }
- }
- return sbjname;
-
- }
-} |