Add python scripts for profile cli automation

5 files changed, 1498 insertions, 0 deletions

diff --git a/tests/dogtag/shared/PkiLib/__init__.py b/tests/dogtag/shared/PkiLib/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/dogtag/shared/PkiLib/__init__.py
diff --git a/tests/dogtag/shared/PkiLib/pkicommonlib.py b/tests/dogtag/shared/PkiLib/pkicommonlib.py
new file mode 100644
index 000000000..82075b475
--- /dev/null
+++ b/tests/dogtag/shared/PkiLib/pkicommonlib.py
@@ -0,0 +1,115 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*
+from lxml import etree
+
+def policy_attributes(Policy_definition, policy_attributes):
+
+    for idx,(name,syntax,constraint,description,defaultvalue) in enumerate(policy_attributes):
+        policy_attribute_name = etree.SubElement(Policy_definition, 'policyAttribute', name=name)
+        policy_attribute_descriptor = etree.SubElement(policy_attribute_name,'Descriptor')
+        policy_attribute_syntax = etree.SubElement(policy_attribute_descriptor, 'Syntax').text = syntax
+        if constraint != 'NULL':
+            policy_attribute_constraint = etree.SubElement(policy_attribute_descriptor, 'Constraint').text=constraint
+        policy_attribute_description = etree.SubElement(policy_attribute_descriptor, 'Description').text = description
+        if defaultvalue != 'NULL':
+            policy_attribute_defaultvalue = etree.SubElement(policy_attribute_descriptor, 'DefaultValue').text = defaultvalue
+        else:
+            policy_attribute_defaultvalue = etree.SubElement(policy_attribute_descriptor, 'DefaultValue')
+
+
+def constraint_attributes(constraint_definition, constraint_attributes):
+
+    for idx,(constraintid, syntax, constraint, description, defaultvalue, value) in enumerate(constraint_attributes):
+
+        constraint_id = etree.SubElement(constraint_definition, 'constraint', id = constraintid)
+        constraint_id_descriptor = etree.SubElement(constraint_id, 'descriptor')
+        constraint_id_descriptor_syntax = etree.SubElement(constraint_id_descriptor, 'Syntax').text = syntax
+        if constraint != 'NULL':
+            constraint_id_descriptor_syntax = etree.SubElement(constraint_id_descriptor, 'Constraint').text = constraint
+
+        constraint_id_descriptor_description = etree.SubElement(constraint_id_descriptor, 'Description').text = description
+
+        if defaultvalue != 'NULL':
+            constraint_id_descriptor_defaultvalue = etree.SubElement(constraint_id_descriptor, 'DefaultValue').text = defaultvalue
+
+        if value != 'NULL':
+            constraint_value = etree.SubElement(constraint_id, 'value').text = value
+        else:
+            constraint_value = etree.SubElement(constraint_id, 'value')
+
+def policy_parameters(Policy_definition, parameters):
+
+    for idx,(name, value) in enumerate(parameters):
+
+        policy_param_name = etree.SubElement(Policy_definition, 'params', name=name)
+        if value != 'NULL':
+            policy_param_value = etree.SubElement(policy_param_name, 'value').text=value    
+        else:
+            policy_param_value = etree.SubElement(policy_param_name, 'value')
+
+def policy_definition(Policy_Value,definition):
+
+    Policy_definition = etree.SubElement(Policy_Value, 'def', id=definition['id'], classId=definition['classid'])
+    Policy_description = etree.SubElement(Policy_definition, 'description').text = definition['description']
+
+    return Policy_definition
+
+def constraint_definition(Policy_Value, definition):
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id=definition['id'])
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = definition['description']
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = definition['classId']
+
+    return constraint_definition        
+
+def check_ext_key_usage(mylist, string):
+
+    s1 = 'true'
+    s2 = 'false'
+    if string in mylist:
+        return s1
+    else:
+        return s2
+
+def get_policyId(root):
+
+    Policy_Value = root.findall('./PolicySets/PolicySet/value')
+    value = 0
+    for key in Policy_Value:
+       attributes = key.attrib
+       value = attributes["id"]
+    if value is 0:
+       pvalue = '1'
+    else:
+       pvalue = int(value) + 1
+
+    return str(pvalue)    
+
+def get_Element_PolicyValue(PolicySet,javaclass):
+
+    mydict = {}
+    for key in PolicySet.iterchildren(tag='value'):
+         PolicyValues=key.items()[0][1]
+         classId=key[0].get('classId')
+         mydict[classId]=PolicyValues
+
+    if mydict.has_key(javaclass):
+        value_Id = mydict[javaclass]
+        Policy_value = PolicySet.find('./value[@id=' + "\"" +  str(value_Id) + "\"" + "]")
+        return Policy_value
+    else:
+        return None
+
+def check_policy(PolicySet, javaclass):
+
+    DefinedPolicies = PolicySet.findall("./value/def")
+    list_of_policy_classes = []
+    for classes in DefinedPolicies:
+        list_of_policy_classes.append(classes.get('classId'))
+
+    # check if my classId is already there
+    if javaclass in list_of_policy_classes:
+        return True
+    else:
+        return False
+
diff --git a/tests/dogtag/shared/PkiLib/pkiconstraintslib.py b/tests/dogtag/shared/PkiLib/pkiconstraintslib.py
new file mode 100644
index 000000000..7add7b835
--- /dev/null
+++ b/tests/dogtag/shared/PkiLib/pkiconstraintslib.py
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*
+from lxml import etree
+#import pkicommonlib as common
+import PkiLib.pkicommonlib as common
+
+def validityConstraintImpl(Policy_Value,default_value,range_value):
+
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Validity Constraint')
+    s1 = 'This constraint rejects the validity that is not between %s days.' % (range_value)
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = s1
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'validityConstraintImpl'
+
+    validityConstraintImpl_attributes = [
+            ('range', 'integer', 'NULL', 'Validity Range (in days)', str(default_value), str(range_value)),
+            ('notBeforeGracePeriod', 'integer', 'NULL','Grace period for Not Before being set in the future (in seconds).', '0', 'NULL'),
+            ('notBeforeCheck', 'boolean', 'NULL','Check Not Before against current time', 'false', 'false'),
+            ('notAfterCheck','boolean', 'NULL', 'Check Not After against Not Before', 'false', 'false')]
+
+    common.constraint_attributes(constraint_definition, validityConstraintImpl_attributes)
+
+def subjectNameConstraintImpl(Policy_Value,subjectPattern):
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Subject Name Constraint')
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = 'This constraint accepts the subject name that matches ' + subjectPattern
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'subjectNameConstraintImpl'
+
+    subjectNameConstraintImpl_attributes = [('pattern','string','NULL','Subject Name Pattern','NULL',subjectPattern)]
+
+    common.constraint_attributes(constraint_definition, subjectNameConstraintImpl_attributes)
+
+
+def noConstraintImpl(Policy_Value):
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='No Constraint')
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = 'No Constraint'
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'noConstraintImpl'
+
+def basicConstraintsCritical(Policy_Value,PathLength,isCA):
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Basic Constraint Extension Constraint')
+    s1 = 'This constraint accepts the Basic Constraint extension, if present, only when Criticality=true,'
+    s2 = 'Is CA=true, Min Path Length=-1, Max Path Length=-1'
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = s1 + s2
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'basicConstraintsExtConstraintImpl'
+
+    basicConstraintsCritical_attributes = [
+            ('basicConstraintsCritical','choice', 'true,false,-', 'Criticality', '-', 'true'),
+            ('basicConstraintsIsCA', 'choice', 'true,false,-', 'Is CA', '-', isCA),
+            ('basicConstraintsMinPathLen', 'integer','NULL', 'Min Path Length','-1', PathLength),
+            ('basicConstraintsMaxPathLen', 'integer', 'NULL','Max Path Length', '100', '100')
+            ]
+    common.constraint_attributes(constraint_definition, basicConstraintsCritical_attributes)
+
+def signingAlgConstraintImpl(Policy_Value):
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='No Constraint')
+    s1 = 'This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,'
+    s2 = 'MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC'
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = s1 + s2
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'signingAlgConstraintImpl'
+
+    signingAlgConstraintImpl_attributes = [
+            ('signingAlgsAllowed', 'string','NULL','Allowed Signing Algorithms',
+                'SHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC',
+                'SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC')]
+
+    common.constraint_attributes(constraint_definition, signingAlgConstraintImpl_attributes)
+
+def renewGracePeriodConstraintImpl(Policy_Value,notBefore,notAfter):
+    
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Renewal Grace Period Constraint')
+    s1 = 'This constraint rejects the validity that is not between %s days before' %(notBefore)
+    s2 = 'and %s days after original cert expiration date days.' %(notAfter)
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = s1 + s2
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'renewGracePeriodConstraintImpl'
+
+    renewGracePeriodConstraintImpl_attributes = [
+            ('renewal.graceBefore', 'integer', 'NULL', 'Renewal Grace Period Before', notBefore, notBefore),
+            ('renewal.graceAfter', 'integer', 'NULL', 'Renewal Grace Period After', notAfter, notAfter)]
+
+    common.constraint_attributes(constraint_definition, renewGracePeriodConstraintImpl_attributes)
+
+def keyUsageExtConstraintImpl(Policy_Value,keylist):
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Key Usage Extension Constraint')
+
+    def1 = 'This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true,'
+    def2 = 'Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false,'
+    def3 = 'Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false'
+
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = def1 + def2 + def3
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'keyUsageExtConstraintImpl'
+    
+    key_default_list = (
+            'keyUsageCritical','keyUsageDigitalSignature', 'keyUsageNonRepudiation', 
+            'keyUsageKeyEncipherment', 'keyUsageDataEncipherment', 'keyUsageKeyAgreement', 
+            'keyUsageKeyCertSign', 'keyUsageCrlSign','keyUsageEncipherOnly',
+            'keyUsageDecipherOnly')
+
+    keyUsageExtConstraintImpl_attributes = [
+            (key_default_list[0], 'choice', 'true,false,-', 'Criticality', '-', common.check_ext_key_usage(keylist,key_default_list[0])),
+            (key_default_list[1], 'choice', 'true,false,-', 'Digital Signature', '-', common.check_ext_key_usage(keylist,key_default_list[1])),
+            (key_default_list[2], 'choice', 'true,false,-', 'Non-Repudiation', '-',  common.check_ext_key_usage(keylist,key_default_list[2])),
+            (key_default_list[3], 'choice', 'true,false,-', 'Key Encipherment', '-', common.check_ext_key_usage(keylist,key_default_list[3])),
+            (key_default_list[4], 'choice', 'true,false,-', 'Data Encipherment', '-', common.check_ext_key_usage(keylist,key_default_list[4])),
+            (key_default_list[5], 'choice', 'true,false,-', 'Key Agreement', '-', common.check_ext_key_usage(keylist,key_default_list[5])),
+            (key_default_list[6], 'choice', 'true,false,-', 'Key CertSign', '-', common.check_ext_key_usage(keylist,key_default_list[6])),
+            (key_default_list[7], 'choice', 'true,false,-', 'CRL Sign', '-', common.check_ext_key_usage(keylist,key_default_list[7])),
+            (key_default_list[8], 'choice', 'true,false,-', 'Encipher Only', '-', common.check_ext_key_usage(keylist,key_default_list[8])),
+            (key_default_list[9], 'choice', 'true,false,-', 'Decipher Only', '-', common.check_ext_key_usage(keylist,key_default_list[9]))]            
+
+    common.constraint_attributes(constraint_definition, keyUsageExtConstraintImpl_attributes)
+
+def keyConstraintImpl(Policy_Value):
+
+    constraint_definition = etree.SubElement(Policy_Value, 'constraint', id='Key Constraint')
+    s1 = 'This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521'
+    constraint_description = etree.SubElement(constraint_definition, 'description').text = s1
+    constraint_classid = etree.SubElement(constraint_definition, 'classId').text = 'keyConstraintImpl'
+    s2 = 'Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or:'
+    s3 = 'nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.'
+
+    keyConstraintImpl_attributes = [
+            ('keyType', 'choice','-,RSA,EC', 'Key Type', 'RSA', '-'),
+            ('keyParameters', 'string', 'NULL', s2 + s3, 'NULL', '1024,2048,3072,4096,nistp256,nistp384,nistp521')]
+
+    common.constraint_attributes(constraint_definition, keyConstraintImpl_attributes)
+
+
diff --git a/tests/dogtag/shared/PkiLib/pkiprofilecli.py b/tests/dogtag/shared/PkiLib/pkiprofilecli.py
new file mode 100644
index 000000000..aa7a050db
--- /dev/null
+++ b/tests/dogtag/shared/PkiLib/pkiprofilecli.py
@@ -0,0 +1,340 @@
+import argparse
+import PkiLib.pkiprofilelib as pkiprofilelib
+from lxml import etree
+import sys
+ 
+def main():
+
+    parser = argparse.ArgumentParser(description="Create and Edit Profiles")
+    required = parser.add_argument_group('Mandatory Arguments') 
+    userChoices = ('user', 'smime', 'dualcert', 'server', 'ca','other')
+    parser.add_argument('--editprofile', help="Edit existing profile xml")
+    parser.add_argument('--new', choices = userChoices, help="Create new profile xml")
+    parser.add_argument('--profileId', help="Id of the Profile to be created")
+    parser.add_argument('--profilename', help="Name of the profile to be created")
+    parser.add_argument('--profiledescription', help="Description of the profile to be created")
+    parser.add_argument('--inputfile', help="Provide xml file to be modified")
+    parser.add_argument('--outputfile', help="Save the profile in output file",required=True)
+    parser.add_argument('--subjectNamePattern', help="Subject Name pattern constraint to be passed")
+    parser.add_argument('--subjectNameDefault', type=str, help="Default Subject Name to be appended")
+    parser.add_argument('--notBefore', type=str, help="Days not before the expiry date")
+    parser.add_argument('--notAfter', type=str, help="Days not After the expiry date")
+    parser.add_argument('--validfor', type=str, help="Total validity period of cert")
+    parser.add_argument('--maxvalidity', type=str, help="Total Maximum validity should not exceed Total validity")
+    parser.add_argument('--keyusageextensions', type=str, help="Add Key usage Extensions to be enabled in profile")
+    parser.add_argument('--netscapeextensions', type=str, help="Specify the Netscape Extensions to be added")
+    parser.add_argument('--crlextension', type=str, help="Specify CRL url")
+    parser.add_argument('--isCA', type=str, help="Specify True/False value")
+    parser.add_argument('--PathLength', type=str, help="Specify Maximum path length")
+    parser.add_argument('--altType', type=str, help="Provide subject Alt type")
+    parser.add_argument('--altPattern', type=str, help="Provide Subject Alt Pattern")
+    parser.add_argument('--ExtOID', type=str, help="Provide ExtOID supplied in csr")
+    args = parser.parse_args()
+    if args.new:
+	new_profile(args)
+    elif args.editprofile:
+        New_Edit_Profile(args)
+
+def new_profile(args):
+
+    if (args.new == 'user') or (args.new == 'smime'):
+        profile_user_input_parser(args)
+    elif (args.new == 'server') or (args.new == 'ca') or (args.new == 'other'):
+        profile_server_input_parser(args)
+    elif args.new == 'dualcert':
+        profile_dualcert_input_parser(args)  
+    else:
+	print "In appropriate option.Exiting"
+	sys.exit(1)
+    return 0
+
+def Generate_Profile_hash(args):
+
+    Profile_Input_Dict = {}
+    ProfileId = args.profileId
+    Profile_Input_Dict['ProfileId'] = ProfileId
+    if (args.new == 'user') or (args.new == 'smime'):
+        ProfileName = 'Manual User Dual-Use Certificate Enrollment'
+        ProfileDescription = 'This certificate profile is for enrolling user certificates'
+        Profile_Input_Dict['Key_Generation_Class'] = 'keyGenInputImpl'
+        Profile_Input_Dict['Key_Generate_InputId'] = '1'
+        Profile_Input_Dict['subject_Name_Input_Id'] = '2'
+        Profile_Input_Dict['Submitter_Info_InputId'] = '3'
+        keylist = ('keyUsageCritical','keyUsageDigitalSignature','keyUsageNonRepudiation','keyUsageKeyEncipherment')
+        subjectPattern = 'UID=.*'
+        policysetname = 'pkitest1'
+    elif (args.new == 'server') or (args.new == 'other'):
+        ProfileName = "Manual Server Certificate Enrollment"
+        ProfileDescription = "This certificate profile is for enrolling dual user certificates"
+        Profile_Input_Dict['Key_Generation_Class'] = 'certReqInputImpl'
+        Profile_Input_Dict['Key_Generate_InputId'] = '1'
+        Profile_Input_Dict['Submitter_Info_InputId'] = '2'
+        keylist = ('keyUsageCritical','keyUsageDigitalSignature','keyUsageNonRepudiation','keyUsageKeyEncipherment')
+        subjectPattern = 'CN=.*'
+        policysetname = 'pkitest1'
+    elif args.new == 'dualcert':
+        ProfileName = "Manual User Signing and Encryption Certificates Enrollment"
+        ProfileDescription = "This certificate profile is for enrolling dual user certificates"
+        Profile_Input_Dict['Key_Generation_Class'] = 'dualKeyGenInputImpl'
+        Profile_Input_Dict['Key_Generate_InputId'] = '1'
+        Profile_Input_Dict['subject_Name_Input_Id'] = '2'
+        Profile_Input_Dict['Submitter_Info_InputId'] = '3'
+        keylist = ('keyUsageCritical','keyUsageKeyEncipherment')
+        subjectPattern = 'UID=.*'
+        policysetname = 'encryptionCertSet'
+    elif args.new == 'ca':
+        policysetname = 'caCertSet'
+        ProfileName = "Manual Certificate Manager Signing Certificate Enrollment"
+        ProfileDescription = "This certificate profile is for enrolling Certificate Authority certificates."
+        Profile_Input_Dict['Key_Generation_Class'] = 'certReqInputImpl'
+        Profile_Input_Dict['Key_Generate_InputId'] = '1'
+        Profile_Input_Dict['Submitter_Info_InputId'] = '2'
+        keylist = ('keyUsageCritical', 'keyUsageDigitalSignature', 'keyUsageNonRepudiation', 'keyUsageKeyCertSign', 'keyUsageCrlSign')
+        subjectPattern = 'CN=.*'
+        if args.PathLength:
+            PathLength = args.PathLength
+        else:
+            PathLength = "-1"
+        Profile_Input_Dict['PathLength'] = PathLength
+        if args.isCA:
+            isCA = args.isCA
+        else:
+            isCA = "true"
+        Profile_Input_Dict['isCA'] = isCA
+   
+    Profile_Input_Dict['PolicySet'] = policysetname
+
+    if args.subjectNamePattern:
+        Profile_Input_Dict['Subject_Pattern'] = args.subjectNamePattern
+    else:
+        Profile_Input_Dict['Subject_Pattern'] = subjectPattern
+    if args.subjectNameDefault:
+        Profile_Input_Dict['subjectNameDefault'] = args.subjectNameDefault
+    else:
+        Profile_Input_Dict['subjectNameDefault'] = None
+
+    if args.profilename:
+        Profile_Input_Dict['name'] = args.profilename
+    else:
+        Profile_Input_Dict['name'] = ProfileName
+
+    if args.profiledescription:
+        Profile_Input_Dict['Description'] = args.profiledescription
+    else:
+        Profile_Input_Dict['Description'] =  ProfileDescription
+    if args.keyusageextensions:
+        Profile_Input_Dict['Key_List'] = args.keyusageextensions
+    else:
+        Profile_Input_Dict['Key_List'] = keylist
+    
+    if args.notBefore:
+        Profile_Input_Dict['NotBefore'] = args.notBefore
+    else:
+        Profile_Input_Dict['NotBefore'] = '30'
+
+    if args.notAfter:
+        Profile_Input_Dict['NotAfter'] = args.notAfter
+    else:
+        Profile_Input_Dict['NotAfter'] = '30'
+
+    if args.validfor:
+        validfor = args.validfor
+        Profile_Input_Dict['Validity'] = args.validfor
+    else:
+        Profile_Input_Dict['Validity'] = '180'
+
+    if args.maxvalidity:
+        Profile_Input_Dict['MaxValidity'] = args.maxvalidity
+    else:
+        Profile_Input_Dict['MaxValidity'] = '365'
+
+    if args.netscapeextensions:
+        Profile_Input_Dict['NetscapeExtensions'] = args.netscapeextensions
+
+    if args.new == 'smime':
+        Profile_Input_Dict['Generic_extensions'] = 'true'
+
+    if args.crlextension:
+        Profile_Input_Dict['crlurl'] = args.crlextension
+
+    if args.altPattern:
+        altPattern = args.altPattern
+    else:
+        altPattern = "$request.requestor_email$"
+    Profile_Input_Dict['altPattern'] = altPattern
+
+    if args.altType:
+        altType = args.altType
+    else:
+        altType = 'RFC822Name'
+    Profile_Input_Dict['altType'] = altType
+
+    if args.ExtOID:
+        Profile_Input_Dict['ExtOID'] = args.ExtOID
+
+    return Profile_Input_Dict
+
+def profile_user_input_parser(args):
+
+    Profile_Input_Dict = Generate_Profile_hash(args)
+    root_element, PolicySets = Create_Profile(Profile_Input_Dict)
+    root_element, PolicySet = pkiprofilelib.Create_Policy(root_element, PolicySets, Profile_Input_Dict['PolicySet'])
+    et = Add_Policies(root_element,PolicySet,Profile_Input_Dict) 
+    et.write(args.outputfile, pretty_print=True)
+
+def profile_server_input_parser(args):
+
+    Profile_Input_Dict = Generate_Profile_hash(args)
+    root_element, PolicySets = Create_Profile(Profile_Input_Dict)
+    root_element, PolicySet = pkiprofilelib.Create_Policy(root_element, PolicySets, Profile_Input_Dict['PolicySet'])
+    et = Add_Policies(root_element,PolicySet,Profile_Input_Dict) 
+    et.write(args.outputfile, pretty_print=True)
+        
+def profile_dualcert_input_parser(args):
+
+    Profile_Input_Dict1 = Generate_Profile_hash(args)
+    root_element, PolicySets = Create_Profile(Profile_Input_Dict1)
+    root_element, policyset = pkiprofilelib.Create_Policy(root_element, PolicySets, Profile_Input_Dict1['PolicySet'])
+    et = Add_Policies(root_element,policyset,Profile_Input_Dict1)
+    et.write(args.outputfile, pretty_print=True)
+
+    keylist2 = ('keyUsageCritical','keyUsageDigitalSignature','keyUsageDigitalSignature', 'keyUsageNonRepudiation')
+    subjectPattern =  Profile_Input_Dict1['Subject_Pattern']
+    subjectDefault = Profile_Input_Dict1['subjectNameDefault']
+    notBefore = Profile_Input_Dict1['NotBefore']
+    notAfter = Profile_Input_Dict1['NotAfter']
+    validfor = Profile_Input_Dict1['Validity']
+    maxvalidity = Profile_Input_Dict1['MaxValidity']
+    altType = Profile_Input_Dict1['altType'] 
+    altPattern = Profile_Input_Dict1['altPattern']
+
+    Profile_Input_Dict2 = {
+            'PolicySet': 'signingCertSet',
+            'Subject_Pattern': subjectPattern,
+            'subjectNameDefault': subjectDefault,
+            'Key_List': keylist2,
+            'NotBefore': notBefore,
+            'NotAfter': notAfter,
+            'Validity': validfor,
+            'MaxValidity': maxvalidity,
+            'altType': altType,
+            'altPattern': altPattern
+            }
+    root_element, policyset = pkiprofilelib.Create_Policy(root_element, PolicySets, Profile_Input_Dict2['PolicySet'])
+    et = Add_Policies(root_element,policyset,Profile_Input_Dict2)
+    et.write(args.outputfile, pretty_print=True)
+    
+def Create_Profile(Profile_Input_Dict):
+
+    root_element = pkiprofilelib.new_profile(Profile_Input_Dict['ProfileId'], Profile_Input_Dict['name'], 
+                                    Profile_Input_Dict['Description'])
+    pkiprofilelib.key_gen(root_element, Profile_Input_Dict['Key_Generation_Class'], 
+                                    Profile_Input_Dict['Key_Generate_InputId'])
+
+    if Profile_Input_Dict.has_key('subject_Name_Input_Id'):
+        pkiprofilelib.subject_name_input(root_element, Profile_Input_Dict['subject_Name_Input_Id'])
+        pkiprofilelib.submitter_info(root_element, Profile_Input_Dict['Submitter_Info_InputId'])
+    else:
+       pkiprofilelib.submitter_info(root_element,Profile_Input_Dict['Submitter_Info_InputId'])
+      
+    pkiprofilelib.output_info(root_element)
+    # Create Policy Set
+    root_element, PolicySets = pkiprofilelib.Create_PolicySets(root_element)
+    return root_element, PolicySets
+
+def New_Edit_Profile(args):
+
+    # Get Root Element and PolicySet
+    parser = etree.XMLParser(remove_blank_text=True)
+    root_element = etree.parse(args.editprofile,parser)
+    PolicySet = root_element.find('./PolicySets/PolicySet')
+
+    if args.profilename:
+        Profilename = root_element.find('name')
+        Profilename.text = args.profilename
+
+    if args.profiledescription:
+        ProfileDescription = root_element.find('description')
+        ProfileDescription.text = args.profiledescription
+    
+    if args.subjectNamePattern and args.subjectNameDefault is None:
+        pkiprofilelib.Subject_Name_Default(root_element, PolicySet,args.subjectNamePattern,None)
+
+    if args.subjectNamePattern is None and args.subjectNameDefault:
+        pkiprofilelib.Subject_Name_Default(root_element, PolicySet,None,args.subjectNameDefault)
+
+    if args.subjectNamePattern and args.subjectNameDefault:
+        pkiprofilelib.Subject_Name_Default(root_element, PolicySet,args.subjectNamePattern,args.subjectNameDefault)
+    
+    if args.keyusageextensions:
+        pkiprofilelib.Key_Usage_Default(root_element,PolicySet, args.keyusageextensions)
+
+    if args.maxvalidity and args.validfor:
+        pkiprofilelib.Validity_Default(root_element,PolicySet, args.validfor, args.maxvalidity)    
+    
+    if args.notBefore and args.notAfter:
+        pkiprofilelib.No_Default(root_element, PolicySet, args.notBefore , args.notAfter)
+
+    if args.netscapeextensions:
+        pkiprofilelib.Netscape_Certificate_Type_Extension_Default(root_element,PolicySet,args.netscapeextensions)
+
+    if args.crlextension:
+        pkiprofilelib.crl_Distribution_Points_Ext_Default(root_element,PolicySet,args.crlextension)
+     
+    if args.PathLength and args.isCA:
+        pkiprofilelib.Basic_Constraints_Extension_Default(root_element,PolicySet,args.PathLength,args.isCA)
+
+    if args.altType and args.altPattern:
+        pkiprofilelib.Subject_Alt_Name_Constraint(root_element,PolicySet,args.altType, args.altPattern)
+
+    if args.ExtOID:
+         pkiprofilelib.User_Supplied_Extension_Default(root_element,PolicySet,args.ExtOID)
+    
+    root_element.write(args.outputfile, pretty_print=True)
+
+
+def Add_Policies(root_element, PolicySet, Profile_Input_Dict):
+
+    if  Profile_Input_Dict['subjectNameDefault'] is None:
+        pkiprofilelib.Subject_Name_Default(root_element,PolicySet, Profile_Input_Dict['Subject_Pattern'],None)
+    else:
+        pkiprofilelib.Subject_Name_Default(root_element,PolicySet, Profile_Input_Dict['Subject_Pattern'],Profile_Input_Dict['subjectNameDefault'])
+
+
+    if not (Profile_Input_Dict.has_key('PathLength') and Profile_Input_Dict.has_key('isCA')):
+        pkiprofilelib.No_Default(root_element, PolicySet, Profile_Input_Dict['NotBefore'],Profile_Input_Dict['NotAfter'])
+        pkiprofilelib.Validity_Default(root_element,PolicySet, Profile_Input_Dict['Validity'],Profile_Input_Dict['MaxValidity'])
+        pkiprofilelib.Extended_Key_Usage_Extension_Default(root_element,PolicySet)
+        pkiprofilelib.Subject_Alt_Name_Constraint(root_element,PolicySet,Profile_Input_Dict['altType'],Profile_Input_Dict['altPattern'])
+
+        if Profile_Input_Dict.has_key('ExtOID'):
+            pkiprofilelib.User_Supplied_Extension_Default(root_element,PolicySet,Profile_Input_Dict['ExtOID'])
+
+    pkiprofilelib.Key_Default(root_element, PolicySet)
+    pkiprofilelib.Authority_Key_Identifier_Default(root_element,PolicySet)
+    pkiprofilelib.AIA_Extension_Default(root_element,PolicySet)
+    pkiprofilelib.Key_Usage_Default(root_element, PolicySet,Profile_Input_Dict['Key_List'])
+    pkiprofilelib.Signing_Alg(root_element,PolicySet)
+
+
+    if Profile_Input_Dict.has_key('Generic_extensions'):
+        pkiprofilelib.Generic_Extension(root_element,PolicySet)
+
+    if Profile_Input_Dict.has_key('NetscapeExtensions'):
+        pkiprofilelib.Netscape_Certificate_Type_Extension_Default(root_element,PolicySet, Profile_Input_Dict['NetscapeExtensions'])
+
+    if Profile_Input_Dict.has_key('crlurl'):
+        pkiprofilelib.crl_Distribution_Points_Ext_Default(root_element,PolicySet,Profile_Input_Dict['crlurl'])
+
+    if Profile_Input_Dict.has_key('PathLength') and Profile_Input_Dict.has_key('isCA'):
+        pkiprofilelib.Basic_Constraints_Extension_Default(root_element,PolicySet,Profile_Input_Dict['PathLength'], Profile_Input_Dict['isCA'])
+        pkiprofilelib.CA_Certificate_Validity_Default(root_element,PolicySet)
+        pkiprofilelib.Subject_Key_Identifier_Extension_Default(root_element,PolicySet)
+
+    et = etree.ElementTree(root_element)
+
+    return et
+
+if __name__=='__main__':
+    main()
+
diff --git a/tests/dogtag/shared/PkiLib/pkiprofilelib.py b/tests/dogtag/shared/PkiLib/pkiprofilelib.py
new file mode 100644
index 000000000..941478d50
--- /dev/null
+++ b/tests/dogtag/shared/PkiLib/pkiprofilelib.py
@@ -0,0 +1,914 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*
+from lxml import etree
+import sys
+import re
+import PkiLib.pkiconstraintslib as constraints
+import PkiLib.pkicommonlib as common
+
+def new_profile(ProfileId,ProfileName,ProfileDescription):
+
+    #our profile starts with Profile Tag
+    root = etree.Element("Profile", id=ProfileId)
+    #print type(root)
+    
+    # In future the this could be a arguement to be passed
+    classId = etree.SubElement(root, "classId").text = 'caEnrollImpl'
+    
+    # Profile Name
+    name = etree.SubElement(root, "name").text = ProfileName
+
+    # Profile Description
+    description = etree.SubElement(root, "description").text = ProfileDescription
+
+    enabled = etree.SubElement(root, "enabled").text = 'false'
+    visible = etree.SubElement(root, "visible").text = 'true'
+    enabledBy = etree.SubElement(root, "enabledBy")
+    authzAcl = etree.SubElement(root, "authzAcl")
+    renew = etree.SubElement(root, "renewal").text = 'false'
+    xmlOutput = etree.SubElement(root, "xmlOutput").text = 'false'
+
+    return root
+
+def key_gen(root,InputClassID,InputId):
+
+    ''' This function for storing the Key Generation 
+        Possible values of InputClassID:
+            certReqInputImpl : For Server Cert 
+            keyGenInputImpl : For User Cert/SMIMECert
+            dualKeyGenInputImpl: For Dual Cert
+
+        @parameters InputClassID
+    '''
+    Input = etree.SubElement(root, "Input", id = 'i'+InputId)
+    classId = etree.SubElement(Input, 'ClassID').text = InputClassID
+    name = etree.SubElement(Input, 'Name').text = 'Key Generation'
+
+    if InputClassID == 'dualKeyGenInputImpl':
+       input_attributes = [
+               ('cert_request_type','dual_keygen_request_type','Key Generation Request Typ'),
+               ('cert_request','dual_keygen_request', 'Key Generation Request')]
+
+    elif InputClassID == 'keyGenInputImpl':
+       input_attributes = [
+               ('cert_request_type','keygen_request_type', 'Key Generation Request Type'),
+               ('cert_request','keygen_request', 'Key Generation Request')]
+
+    elif InputClassID == 'certReqInputImpl':
+       input_attributes = [
+               ('cert_request_type','cert_request_type', 'Certificate Request Type'),
+               ('cert_request','cert_request', 'Certificate Request')]
+    else:
+        print '%s did not match with valid Input ClassId', InputClassID
+        sys.exit(1)
+    
+    for idx, (name, syntax, description) in enumerate(input_attributes):
+
+        Attribute = etree.SubElement(Input, 'Attribute', name=name)
+        Descriptor = etree.SubElement(Attribute, 'Descriptor')
+        syntax = etree.SubElement(Descriptor, 'Syntax').text = syntax
+        Description = etree.SubElement(Descriptor, 'Description').text = description
+
+def subject_name_input(root, InputId):
+    
+    subject_name_values = [
+            ('sn_uid', 'UID'),
+            ('sn_e','Email'),
+            ('sn_cn','Common Name'),
+            ('sn_ou3','Organizational Unit 3'),
+            ('sn_ou2','Organizational Unit 2'),
+            ('sn_ou1','Organizational Unit 1'),
+            ('sn_ou','Organizational Unit'),
+            ('sn_o','Organization'),
+            ('sn_c','Country')]
+    
+    Input = etree.SubElement(root, "Input", id = 'i'+InputId)
+    classId = etree.SubElement(Input, 'ClassID').text = 'subjectNameInputImpl'
+    name = etree.SubElement(Input, 'Name').text = 'Subject Name'
+
+    for idx, (attr_name, desc_value) in enumerate(subject_name_values):
+    
+         Attribute = etree.SubElement(Input, 'Attribute', name=attr_name)
+         Descriptor = etree.SubElement(Attribute, 'Descriptor')
+         syntax = etree.SubElement(Descriptor, 'Syntax').text = 'string'
+         description = etree.SubElement(Descriptor, 'Description').text = desc_value
+
+
+def submitter_info(root, InputId):
+
+    Input = etree.SubElement(root, "Input", id='i'+InputId)
+    classId = etree.SubElement(Input, 'ClassID').text = 'submitterInfoInputImpl'
+    name = etree.SubElement(Input, 'Name').text = 'Requestor Information'
+
+    requestor_info_values = [
+            ('requestor_name', 'Requestor Name'),
+            ('requestor_email', 'Requestor Email'),
+            ('requestor_phone', 'Requestor Phone')
+            ]
+    for idx, (attr_name, desc_value) in enumerate(requestor_info_values):
+
+        Attribute = etree.SubElement(Input, 'Attribute', name=attr_name)
+        Descriptor = etree.SubElement(Attribute, 'Descriptor')
+        syntax = etree.SubElement(Descriptor, 'Syntax').text = 'string'
+        description = etree.SubElement(Descriptor, 'Description').text = desc_value
+
+def output_info(root):
+
+    output = etree.SubElement(root, "Output", id="o1")
+    Name = etree.SubElement(output, 'name').text = 'Certificate Output'
+    output_classId = etree.SubElement(output, 'classId').text = 'certOutputImpl'
+
+    output_attributes = [
+            ('pretty_cert', 'pretty_print', 'Certificate Pretty Print'),
+            ('b64_cert', 'pretty_print', 'Certificate Base-64 Encoded')]
+
+    for idx, (name, syntax, description) in enumerate(output_attributes):
+        Attribute = etree.SubElement(output, 'attributes', name=name)
+        Descriptor = etree.SubElement(Attribute, 'Descriptor')
+        Syntax = etree.SubElement(Descriptor, 'Syntax').text = syntax
+        Description = etree.SubElement(Descriptor, 'Description').text = description
+
+def Create_PolicySets(root):
+
+    PolicySets = etree.SubElement(root, "PolicySets")
+    return root, PolicySets
+    
+
+def Create_Policy(root_element, PolicySets, policysetname):
+    
+    #PolicySets = root_element.find('./PolicySets')
+    policyset = etree.SubElement(PolicySets, 'PolicySet')
+    policySetId = etree.SubElement(policyset, 'id').text = policysetname
+    return root_element, policyset
+   
+
+
+def get_policyId(PolicySet):
+
+    PolicyValue = '1'
+    if len(PolicySet) > 1:
+        PolicyValue = '1'
+        for valuedef in PolicySet.iterchildren(tag='value'):
+            value = valuedef.get('id')
+
+        PolicyValue = int(value) + 1
+        return str(PolicyValue)
+    else:
+        return PolicyValue
+
+def get_current_policyvalue(root):
+    Policy_Value = root.findall('./PolicySets/PolicySet/value')
+    mydict = {}
+    for key in Policy_Value:
+	PolicyValues=key.items()[0][1]
+        classId=key[0].get('classId')   
+        mydict[PolicyValues]=classId
+    return mydict
+
+def Subject_Name_Default(root_element,PolicySet,subjectPattern,subjectDefault):
+
+    # Check if the policy is already defined
+    javaclass = 'userSubjectNameDefaultImpl'
+
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+        Subject_Name_Default_description = 'This default populates a User-Supplied Certificate Subject Name to the request'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        if subjectDefault:
+            Policy_definition = etree.SubElement(Policy_Value, 'def', classId='subjectNameDefaultImpl',id='Subject Name Default')
+        else:
+            Policy_definition = etree.SubElement(Policy_Value, 'def', classId='userSubjectNameDefaultImpl',id='Subject Name Default')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Subject_Name_Default_description
+
+        # Policy Attributes
+        Subject_Name_Default_attributes = [('name','string','NULL','Subject Name','NULL')]
+        common.policy_attributes(Policy_definition, Subject_Name_Default_attributes)
+
+        # Policy Parameters
+        if subjectDefault:
+            Subject_Name_Default_params = [('name',subjectDefault)]
+            common.policy_parameters(Policy_definition,Subject_Name_Default_params)
+    
+        # Policy Constraints
+        constraints.subjectNameConstraintImpl(Policy_Value,subjectPattern)
+        
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        if subjectDefault:
+            Policy_Definition = Policy_Value[0]
+            Policy_Definition.set('classId', 'subjectNameDefaultImpl')
+            policy_param_name = etree.SubElement(Policy_Definition, 'params', name='name')
+            policy_param_value = etree.SubElement(policy_param_name, 'value').text=subjectDefault
+        if subjectPattern:
+            CurrentValue = Policy_Value.find('./constraint/constraint/value')
+            CurrentValue.text = subjectPattern
+        
+
+def Key_Usage_Default(root, PolicySet, keylist):
+    ''' This function defines Key Usage Default Policy '''
+
+    javaclass = 'keyUsageExtDefaultImpl'
+
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+    
+        s1 = 'This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true'
+        s2 = 'Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false'
+        s3 = 'Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false'
+        Key_Usage_Default_description = s1 + s2 + s3
+    
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+    
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def', 
+              id='Key Usage Default',classId='keyUsageExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Key_Usage_Default_description
+
+        # Policy Attributes #name,syntax,constraint,description,defaultvalue
+        Key_Usage_Default_attributes = [
+                ('keyUsageCritical','boolean','NULL','Criticality','false'),
+                ('keyUsageDigitalSignature','boolean','NULL','Digital Signature','false'),
+                ('keyUsageNonRepudiation','boolean','NULL','Non-Repudiation','false'),
+                ('keyUsageKeyEncipherment','boolean','NULL','Key Encipherment','false'),
+                ('keyUsageDataEncipherment','boolean','NULL','Data Encipherment','false'),
+                ('keyUsageKeyAgreement','boolean','NULL','Key Agreement','false'),
+                ('keyUsageKeyCertSign','boolean','NULL','Key CertSign','false'),
+                ('keyUsageCrlSign','boolean','NULL','CRL Sign','false'),
+                ('keyUsageEncipherOnly','boolean','NULL','Encipher Only','false'),
+                ('keyUsageDecipherOnly','boolean','NULL','Decipher Only','false'),
+                ]
+        common.policy_attributes(Policy_definition, Key_Usage_Default_attributes)
+
+        # Policy Parameters
+        Key_Usage_Default_parms = [
+                ('keyUsageCritical', common.check_ext_key_usage(keylist,'keyUsageCritical')),
+                ('keyUsageDigitalSignature', common.check_ext_key_usage(keylist,'keyUsageDigitalSignature')),
+                ('keyUsageNonRepudiation', common.check_ext_key_usage(keylist,'keyUsageNonRepudiation')),
+                ('keyUsageKeyEncipherment', common.check_ext_key_usage(keylist,'keyUsageKeyEncipherment')),
+                ('keyUsageDataEncipherment', common.check_ext_key_usage(keylist,'keyUsageDataEncipherment')),
+                ('keyUsageKeyAgreement', common.check_ext_key_usage(keylist,'keyUsageKeyAgreement')),
+                ('keyUsageKeyCertSign', common.check_ext_key_usage(keylist,'keyUsageKeyCertSign')),
+                ('keyUsageCrlSign', common.check_ext_key_usage(keylist,'keyUsageCrlSign')),
+                ('keyUsageEncipherOnly', common.check_ext_key_usage(keylist,'keyUsageEncipherOnly')),
+                ('keyUsageDecipherOnly', common.check_ext_key_usage(keylist,'keyUsageDecipherOnly'))
+                ]
+        common.policy_parameters(Policy_definition,Key_Usage_Default_parms)
+        
+        # Policy Constraint
+        constraints.keyUsageExtConstraintImpl(Policy_Value,keylist)
+
+    else:
+
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        # Change Policy Parameters
+        mylist = re.split(',', keylist)
+        for v in mylist:
+            result_param = Policy_Value.find("./def/params[@name=\"%s\"]/value" % v)
+            result_param.text = 'true'
+        # Change Policy Constraints
+        for v in mylist:
+            result_constraint = Policy_Value.find("./constraint/constraint[@id=\"%s\"]/value" % v)
+            result_constraint.text = 'true'
+   
+def CA_Certificate_Validity_Default(root,PolicySet):
+
+    javaclass = 'caValidityDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+        CA_Certificate_Validity_Default_description = 'This default populates a Certificate Validity to the request. The default values are Range=7305 in days'
+    
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def', 
+                id='CA Certificate Validity Default', classId='caValidityDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = CA_Certificate_Validity_Default_description
+   
+        # Policy Attributes
+        CA_Certificate_Validity_Default_attributes = [
+                ('notBefore','string','NULL','Not Before','NULL'),
+                ('notAfter','string','NULL','notAfter','NULL'),
+                ('bypassCAnotafter','boolean','NULL','Bypass CA notAfter constraint','false')]
+
+        common.policy_attributes(Policy_definition, CA_Certificate_Validity_Default_attributes)
+
+        # Policy Parameters
+        CA_Certificate_Validity_Default_params = [
+            ('range', '7305'),
+            ('startTime', '0'),
+            ('bypassCAnotafter', '')
+            ]
+        common.policy_parameters(Policy_definition,CA_Certificate_Validity_Default_params)
+
+        # Policy Constraints
+        constraints.validityConstraintImpl(Policy_Value, 365, 7305)
+
+    else:
+
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Key_Default(root,PolicySet):
+
+    ''' This function Defines key default policy'''
+    javaclass = 'userKeyDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        # Description
+        Key_Default_description = 'This default populates a User-Supplied Certificate Key to the request'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        ### Policy Defintion
+        Policy_definition = etree.SubElement(Policy_Value, 'def', id='Key Default', classId='userKeyDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Key_Default_description
+      
+        ### Policy Attributes
+        Key_Default_attributes = [
+                ('TYPE','string','readonly','Key Type','NULL'),
+                ('LEN','string','readonly','Key Length','NULL'),
+                ('KEY','string','readonly','Key','NULL')]
+    
+        common.policy_attributes(Policy_definition, Key_Default_attributes)
+        constraints.keyConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Authority_Key_Identifier_Default(root,PolicySet):
+
+    ''' This function Defines Authority Key Identifier Default Policy'''
+    javaclass = 'authorityKeyIdentifierExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+    if result is False:
+
+        #Get Policy ID 
+        pvalue = get_policyId(PolicySet)
+
+        # Description
+        Authority_Key_Identifier_Default_description = 'This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def', 
+                id='Authority Key Identifier Default', 
+             classId='authorityKeyIdentifierExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Authority_Key_Identifier_Default_description
+    
+        # Policy Attributes
+        Authority_Key_Identifier_Default_attributes = [
+                ('critical', 'string','readonly','Criticality','NULL'),
+                ('keyid', 'string', 'readonly', 'Key ID', 'NULL')
+                ]
+
+        common.policy_attributes(Policy_definition, Authority_Key_Identifier_Default_attributes)
+
+        # Constraint Definition
+        constraints.noConstraintImpl(Policy_Value)
+
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Basic_Constraints_Extension_Default(root,PolicySet,PathLength, isCA):
+    
+    ''' This function Defines Basic Constraints Extension Default Policy'''
+    javaclass = 'basicConstraintsExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID 
+        pvalue = get_policyId(PolicySet)
+        
+        #Description
+        Basic_Constraints_Extension_Default_description = 'This default populates a Basic Constraints Extension (2.5.29.19) to the request.,The default values are Criticality=true, Is CA=true, Path Length=-1'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Basic Constraints Extension Default',classId='basicConstraintsExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Basic_Constraints_Extension_Default_description
+
+        # Policy Attributes
+        Basic_Constraints_Extension_Default_attributes = [
+            ('basicConstraintsCritical', 'boolean', 'Criticality','false','NULL'),
+            ('basicConstraintsIsCA', 'boolean', 'Is CA', 'true', 'NULL'),
+            ('basicConstraintsPathLen', 'integer', 'Path Length', '-1', 'NULL')
+            ]
+
+        common.policy_attributes(Policy_definition, Basic_Constraints_Extension_Default_attributes)
+
+        # Policy Parameters
+        Basic_Constraints_Extension_Default_params = [
+            ('basicConstraintsCritical', 'true'),
+            ('basicConstraintsIsCA', isCA),
+            ('basicConstraintsPathLen', PathLength)
+            ]
+        common.policy_parameters(Policy_definition, Basic_Constraints_Extension_Default_params)
+        
+        # Constraint Definition
+        constraints.basicConstraintsCritical(Policy_Value,PathLength, isCA)
+
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        basicConstraintsIsCA_params = Policy_Value.find('./def/params[@name="basicConstraintsIsCA"]')
+        basicConstraintsIsCA_params[0].text = isCA
+        basicConstraintsPathLen_params = Policy_Value.find('./def/params[@name="basicConstraintsPathLen"]')
+        basicConstraintsPathLen_params[0].text = PathLength
+
+        basicConstraintsIsCA_constraint = Policy_Value.find('./constraint/constraint[@id=basicConstraintsIsCA]/value')
+        basicConstraintsIsCA_constraint.text = isCA
+        basicConstraintsPathLen_constraint = Policy_Value.find('./constraint/constraint[@id="basicConstraintsMaxPathLen"]/value')
+        basicConstraintsPathLen_constraint.text = PathLength
+
+
+def Subject_Key_Identifier_Extension_Default(root,PolicySet):
+    ''' This function defines Subject Key Identifier Extension Default Policy '''
+
+    javaclass = 'subjectKeyIdentifierExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        # Get Policy ID 
+        pvalue = get_policyId(PolicySet)
+        # Description
+        Subject_Key_Identifier_Extension_Default_description = 'This default populates a Subject Key Identifier Extension (2.5.29.14) to the request.'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Subject Key Identifier Extension Default', classId='subjectKeyIdentifierExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Subject_Key_Identifier_Extension_Default_description
+
+        # Policy Attributes
+        Subject_Key_Identifier_Extension_Default_attributes = [
+            ('critical', 'string', 'readonly', 'Criticality', 'NULL'),
+            ('keyid', 'string', 'readonly', 'Key ID', 'NULL')]
+
+        common.policy_attributes(Policy_definition, Subject_Key_Identifier_Extension_Default_attributes)
+        # Policy Parameters
+        # None
+
+        # Constraint Definition
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Signing_Alg(root,PolicySet):
+
+    ''' This Function defines Signing Algorithm Policy '''
+    javaclass = 'signingAlgDefaultImpl'
+
+    result = common.check_policy(PolicySet, javaclass)
+    if result is False:
+
+        #Get Policy ID 
+        pvalue = get_policyId(PolicySet)
+
+        #Description
+        Signing_Alg_description = 'This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA512withRSA'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        #  Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+                id='Signing Alg', classId='signingAlgDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Signing_Alg_description
+
+        # Policy Attributes
+
+        Signing_Alg_attributes = [('signingAlg', 'choice','SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA', 
+        'Signing Algorithm', 'NULL')]
+        common.policy_attributes(Policy_definition, Signing_Alg_attributes)
+
+        # Policy Parameters
+        Signing_Alg_params = [('signingAlg', '-')]
+        common.policy_parameters(Policy_definition, Signing_Alg_params)
+
+        #Constraint
+        constraints.signingAlgConstraintImpl(Policy_Value)
+
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+
+
+def AIA_Extension_Default(root,PolicySet):
+    ''' This Function defines AIA Extension Default Policy '''
+
+    javaclass = 'authInfoAccessExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID 
+        pvalue = get_policyId(PolicySet)
+
+        s1 = 'This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. '
+        s2 = 'The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}'
+        AIA_Extension_description = s1 + s2
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='AIA Extension Default', classId='authInfoAccessExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = AIA_Extension_description
+
+        # Policy Attributes
+
+        AIA_Extension_Default_attributes = [
+            ('authInfoAccessCritical', 'boolean', 'NULL','Criticality','false'),
+            ('authInfoAccessGeneralNames', 'string_list', 'NULL', 'General Names', 'NULL')]
+
+        common.policy_attributes(Policy_definition, AIA_Extension_Default_attributes)
+
+        # Policy Parameters
+        AIA_Extension_Default_params = [
+            ('authInfoAccessCritical','false'),
+            ('authInfoAccessNumADs', '1'),
+            ('authInfoAccessADMethod_0', '1.3.6.1.5.5.7.48.1'),
+            ('authInfoAccessADLocationType_0', 'URIName'),
+            ('authInfoAccessADLocation_0', ''),
+            ('authInfoAccessADEnable_0', 'true')
+            ]
+        common.policy_parameters(Policy_definition, AIA_Extension_Default_params)
+
+        # Constraint
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def No_Default(root,PolicySet,notBefore,notAfter):
+
+    javaclass = 'noDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        # Description
+        No_Default_description = 'No Default'
+
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        #  Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='No Default', classId='noDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = No_Default_description
+
+        # Policy Attributes None
+        # Policy Parameters None
+    
+        #constraint
+        constraints.renewGracePeriodConstraintImpl(Policy_Value,notBefore,notAfter)
+
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        NotBeforeDefaultValue = Policy_Value.find('./constraint[@id="Renewal Grace Period Constraint"]/constraint[@id="renewal.graceBefore"]/descriptor/DefaultValue')
+        NotBeforeDefaultValue.text = notBefore
+        NotBeforeValue = Policy_Value.find('./constraint[@id="Renewal Grace Period Constraint"]/constraint[@id="renewal.graceBefore"]/value')
+        NotBeforeValue.text = notBefore
+        
+        NotAfterDefaultValue = Policy_Value.find('./constraint[@id="Renewal Grace Period Constraint"]/constraint[@id="renewal.graceAfter"]/descriptor/DefaultValue')
+        NotAfterDefaultValue.text = notAfter
+        NotAfterValue = Policy_Value.find('./constraint[@id="Renewal Grace Period Constraint"]/constraint[@id="renewal.graceAfter"]/value')
+        NotAfterValue.text = notAfter
+
+
+def Validity_Default(root, PolicySet, defaultRange, range_value):
+
+    javaclass = 'validityDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        #Description
+        Validity_Default_description='This default populates a Certificate Validity to the request. The default values are Range=180 in days'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Validity Default', classId='validityDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Validity_Default_description
+
+        # Policy Attributes
+        Validity_Default_attributes = [
+            ('notBefore', 'string', 'NULL', 'Not Before', 'NULL'),
+            ('notAfter', 'string', 'NULL', 'Not After', 'NULL')]
+
+        common.policy_attributes(Policy_definition, Validity_Default_attributes)
+        # Policy Parameters
+        Validity_Default_params = [
+            ('range', defaultRange),
+            ('startTime', '0')]
+
+        common.policy_parameters(Policy_definition, Validity_Default_params)
+
+        #Constraint 
+        constraints.validityConstraintImpl(Policy_Value, defaultRange, range_value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        defaultRange_value = Policy_Value.find('./def/params[@name="range"]/value')
+        defaultRange_value.text = defaultRange
+
+        Constraint_DefaultValue = Policy_Value.find('./constraint[@id="Validity Constraint"]/constraint[@id="range"]/descriptor/DefaultValue')
+        Constraint_DefaultValue.text = range_value
+        Constraint_Value = Policy_Value.find('./constraint[@id="Validity Constraint"]/constraint[@id="range"]/value')
+        Constraint_Value.text = range_value
+
+def Extended_Key_Usage_Extension_Default(root,PolicySet):
+
+    javaclass = 'extendedKeyUsageExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+        
+        #Description
+        s1 = 'This default populates an Extended Key Usage Extension () to the request.'
+        s2 = 'The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4'
+        Extended_Key_Usage_Extension_Default_Description = s1 + s2
+    
+        # policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Extended Key Usage Extension Default', classId='extendedKeyUsageExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Extended_Key_Usage_Extension_Default_Description
+
+        # Policy Attributes
+        Extended_Key_Usage_Extension_Default_attributes = [
+            ('exKeyUsageCritical', 'boolean', 'NULL', 'Criticality', 'false'),
+            ('exKeyUsageOIDs', 'string_list', 'NULL', 'Comma-Separated list of Object Identifiers', 'false')]
+
+        common.policy_attributes(Policy_definition, Extended_Key_Usage_Extension_Default_attributes)
+
+        # Policy Parameters
+        Extended_Key_Usage_Extension_Default_params = [
+            ('exKeyUsageCritical','false'),
+            ('exKeyUsageOIDs', '1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4')]
+
+        common.policy_parameters(Policy_definition, Extended_Key_Usage_Extension_Default_params)
+
+        # Constraint
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Subject_Alt_Name_Constraint(root,PolicySet,altType,altPattern):
+
+    javaclass = 'subjectAltNameExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        #Description
+        s1 = 'This default populates a Subject Alternative Name Extension (2.5.29.17) to the request.'
+        s2 = 'The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}'
+        Subject_Alt_Name_Constraint_description = s1 + s2
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Subject Alt Name Constraint', classId='subjectAltNameExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Subject_Alt_Name_Constraint_description
+
+        # Policy Attributes
+        Subject_Alt_Name_Constraint_attributes = [
+            ('subjAltNameExtCritical', 'boolean', 'NULL', 'Criticality', 'false'),
+            ('subjAltNames', 'string_list', 'NULL', 'General Names', 'NULL')]
+
+        common.policy_attributes(Policy_definition, Subject_Alt_Name_Constraint_attributes)
+
+        # Policy Parameters
+        Subject_Alt_Name_Constraint_params = [
+            ('subjAltNameExtCritical', 'false'),
+            ('subjAltNameNumGNs', '1'),
+            ('subjAltExtType_0', altType),
+            ('subjAltExtPattern_0', altPattern),
+            ('subjAltExtGNEnable_0', 'true')]
+
+        common.policy_parameters(Policy_definition, Subject_Alt_Name_Constraint_params)
+
+        # constraints
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        subjAltExtType_0_param = Policy_Value.find('./def/params[@name="subjAltExtType_0"]/value')
+        subjAltExtType_0_param.text = altType
+        subjAltExtPattern_0_param = Policy_Value.find('./def/params[@name="subjAltExtPattern_0"]/value')
+        subjAltExtPattern_0_param.text = altPattern
+
+
+def Generic_Extension(root,PolicySet):
+
+    javaclass = 'genericExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        #Description
+        s1 = 'This default populates a Generic Extension to the request. The default values are Criticality=, OID=1.2.840.113549.1.9.15,'
+        s2 = ' OID=1.2.840.113549.1.9.15, Value=' 
+        s3 = '3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101'
+        Generic_Extension_description = s1 + s2 + s3
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+            id='Generic Extension', classId='genericExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = Generic_Extension_description
+        # Policy Attributes
+        Generic_Extension_attributes = [
+            ('genericExtCritical', 'boolean', 'NULL', 'Criticality', 'false'),
+            ('genericExtData', 'string_list', 'NULL', 'Extension Value', 'NULL')]
+
+        # Policy Parameters
+        Generic_Extension_params = [
+            ('genericExtCritical', ''),
+            ('genericExtOID', '1.2.840.113549.1.9.15'),
+            ('genericExtData', s3)]
+        common.policy_parameters(Policy_definition, Generic_Extension_params)
+
+        # Constraints
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+
+def Netscape_Certificate_Type_Extension_Default(root,PolicySet,extlist):
+
+    javaclass = 'nsCertTypeExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        # Description
+        Netscape_Certificate_Type_Extension_Default_description = 'This default populates a Netscape Certificate Type Extension'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+             id='Netscape Certificate Type Extension Default', classId='nsCertTypeExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text =  Netscape_Certificate_Type_Extension_Default_description
+    
+        # Policy Attributes
+        Netscape_Certificate_Type_Extension_Default_attributes = [
+            ('nsCertCritical', 'boolean', 'NULL', 'Criticality','false'),
+            ('nsCertSSLClient', 'boolean', 'NULL', 'SSL Client', 'false'),
+            ('nsCertSSLServer', 'boolean', 'NULL', 'SSL Server', 'false'),
+            ('nsCertEmail', 'boolean', 'NULL', 'Email', 'false'),
+            ('nsCertObjectSigning', 'boolean', 'NULL', 'Object Signing', 'false'),
+            ('nsCertSSLCA', 'boolean', 'NULL', 'SSL CA', 'false'),
+            ('nsCertEmailCA', 'boolean', 'NULL', 'Email CA', 'false'),
+            ('nsCertObjectSigningCA', 'boolean', 'NULL', 'Object Signing CA', 'false')]
+
+        # Policy Parameters
+        Netscape_Certificate_Type_Extension_Default_params = [
+            ('nsCertCritical', common.check_ext_key_usage(extlist, 'nsCertCritical')),
+            ('nsCertSSLClient', common.check_ext_key_usage(extlist, 'nsCertSSLClient')),
+            ('nsCertSSLServer', common.check_ext_key_usage(extlist, 'nsCertSSLServer')),
+            ('nsCertEmail', common.check_ext_key_usage(extlist, 'nsCertEmail')),
+            ('nsCertObjectSigning', common.check_ext_key_usage(extlist, 'nsCertObjectSigning')),
+            ('nsCertSSLCA', common.check_ext_key_usage(extlist, 'nsCertSSLCA')),
+            ('nsCertEmailCA', common.check_ext_key_usage(extlist, 'nsCertEmailCA')),
+            ('nsCertObjectSigningCA', common.check_ext_key_usage(extlist, 'nsCertObjectSigningCA'))]
+
+        common.policy_parameters(Policy_definition, Netscape_Certificate_Type_Extension_Default_params)
+
+        # Constraints
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        for v in extlist:
+            result = Policy_Value.find("./def/params[@name=\"%s\"]" % v)
+            result[0].text = 'true'
+
+def crl_Distribution_Points_Ext_Default(root,PolicySet,crlurl):
+
+    javaclass = 'crlDistributionPointsExtDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+    
+    if result is False:
+
+        #Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        #Description
+        s1='This default populates a CRL Distribution Points Extension (2.5.29.31) to the request'
+        s2='The default values are Criticality=false, Record #0{Point Type:URIName,Point Name:http://localhost.localdomain:9180/ca/ee/ca/getCRL'
+        s3='?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit,Reasons:,Issuer Type'
+        s4=':,Issuer Name:,Enable:true}'
+        clrDistribution_Point_Name = 'http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit'
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+                id='crlDistributionPointsExtDefaultImpl', classId='crlDistributionPointsExtDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = s1 + s2 + s3 + s4
+
+        # Policy Attributes
+        crl_Distribution_Points_Ext_Default_attributes = [
+                ('crlDistPointsCritical', 'boolean', 'NULL', 'Criticality', 'false'),
+                ('crlDistPointsValue', 'string_list', 'NULL', 'CRL Distribution Points', 'NULL')]
+        # Params
+        crl_Distribution_Points_Ext_Default_params = [
+                ('crlDistPointsNum', '1'),
+                ('crlDistPointsPointType_0', 'URIName'),
+                ('crlDistPointsPointName_0', crlurl),
+                ('crlDistPointsReasons_0', 'NULL'),
+                ('crlDistPointsIssuerType_0', 'NULL'),
+                ('crlDistPointsIssuerName_0', 'NULL'),
+                ('crlDistPointsEnable_0', 'true')]
+        common.policy_parameters(Policy_definition, crl_Distribution_Points_Ext_Default_params)
+
+        #No Constraint
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        crlDistPointsPointName_value = Policy_Value.find('./def/params[@name="crlDistPointsPointName_0"]/value')
+        crlDistPointsPointName_value[0].text = crlurl
+
+def User_Supplied_Extension_Default(root,PolicySet,ExtOID):
+
+    javaclass = 'userExtensionDefaultImpl'
+    result = common.check_policy(PolicySet, javaclass)
+
+    if result is False:
+        # Get Policy ID
+        pvalue = get_policyId(PolicySet)
+
+        # Description
+        s1 = 'This default populates a User-Supplied Extension (%s) to the request.', ExtOID
+
+        # Policy Value
+        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
+
+        # Policy Definition
+        Policy_definition = etree.SubElement(Policy_Value, 'def',
+                id='User Supplied Extension Default', classid='userExtensionDefaultImpl')
+        Policy_description = etree.SubElement(Policy_definition, 'description').text = s1
+
+        # Policy Attributes
+        User_Supplied_Extension_Default_attributes = [('userExtOID', 'string', 'readonly', 'Object Identifier', 'NULL')]
+
+        # Policy Params
+        User_Supplied_Extension_Default_params = [('userExtOID', ExtOID)]
+        common.policy_parameters(Policy_definition, User_Supplied_Extension_Default_params)
+
+        # No Constraint
+        constraints.noConstraintImpl(Policy_Value)
+    else:
+        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
+        userExtOID_param = Policy_Value.find('./def/params[@name="userExtOID"]/value')
+        userExtOID_param.text = ExtOID