summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java')
-rw-r--r--base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java215
1 files changed, 0 insertions, 215 deletions
diff --git a/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
deleted file mode 100644
index 88c59b2fd..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IRevocationPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Whether to allow revocation of an expired cert.
- * <P>
- *
- * <PRE>
- * NOTE: The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RevocationConstraints extends APolicyRule
- implements IRevocationPolicy, IExtendedPluginInfo {
- private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
- private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
-
- private boolean mAllowExpiredCerts = true;
- private boolean mAllowOnHold = true;
-
- private final static Vector<String> defConfParams = new Vector<String>();
- static {
- defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
- defConfParams.addElement(PROP_ALLOW_ON_HOLD + "=" + true);
- }
-
- public RevocationConstraints() {
- NAME = "RevocationConstraints";
- DESC = "Whether to allow revocation of expired certs and on-hold.";
- }
-
- public String[] getExtendedPluginInfo(Locale locale) {
- String[] params = {
- PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
- PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-revocationconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Allow administrator to decide policy on whether to allow " +
- "recovation of expired certificates" +
- "and set reason to On-Hold"
-
- };
-
- return params;
-
- }
-
- /**
- * Initializes this policy rule.
- * <P>
- *
- * The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
- *
- * @param config The config store reference
- */
- public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
- // Get min and max validity in days and onfigure them.
- try {
- mAllowExpiredCerts =
- config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
- mAllowOnHold =
- config.getBoolean(PROP_ALLOW_ON_HOLD, true);
- } catch (EBaseException e) {
- // never happen.
- }
-
- CMS.debug("RevocationConstraints: allow expired certs " + mAllowExpiredCerts);
- CMS.debug("RevocationConstraints: allow on hold " + mAllowOnHold);
- }
-
- /**
- * Applies the policy on the given Request.
- * <P>
- *
- * @param req The request on which to apply policy.
- * @return The policy result object.
- */
- public PolicyResult apply(IRequest req) {
- CMS.debug("RevocationConstraints: apply begins");
- if (req.getExtDataInInteger(IRequest.REVOKED_REASON) == null) {
- CMS.debug("RevocationConstraints: apply: no revocationReason found in request");
- return PolicyResult.REJECTED;
- }
- RevocationReason rr = RevocationReason.fromInt(
- req.getExtDataInInteger(IRequest.REVOKED_REASON).intValue());
-
- if (!mAllowOnHold && (rr != null)) {
- int reason = rr.toInt();
-
- if (reason == RevocationReason.CERTIFICATE_HOLD.toInt()) {
- String params[] = { getInstanceName() };
-
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
- return PolicyResult.REJECTED;
- }
- }
-
- if (mAllowExpiredCerts)
- // nothing to check.
- return PolicyResult.ACCEPTED;
-
- PolicyResult result = PolicyResult.ACCEPTED;
-
- try {
- // Get the certificates being renwed.
- X509CertImpl[] oldCerts =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
- if (oldCerts == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
- getInstanceName());
- return PolicyResult.REJECTED;
- }
-
- // check if each cert to be renewed is expired.
- for (int i = 0; i < oldCerts.length; i++) {
- X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
-
- // Is the Certificate still valid?
- Date now = CMS.getCurrentDate();
-
- if (notAfter.before(now)) {
- String params[] = { getInstanceName() };
-
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
- params), "");
- result = PolicyResult.REJECTED;
- break;
- }
- }
-
- } catch (Exception e) {
- String params[] = { getInstanceName(), e.toString() };
-
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
- result = PolicyResult.REJECTED;
- }
- return result;
- }
-
- /**
- * Return configured parameters for a policy rule instance.
- *
- * @return nvPairs A Vector of name/value pairs.
- */
- public Vector<String> getInstanceParams() {
- Vector<String> confParams = new Vector<String>();
-
- confParams.addElement(
- PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
- confParams.addElement(
- PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
- return confParams;
- }
-
- /**
- * Return default parameters for a policy implementation.
- *
- * @return nvPairs A Vector of name/value pairs.
- */
- public Vector<String> getDefaultParams() {
- return defConfParams;
- }
-}
generated by cgit (git 2.34.1) at 2024-07-04 12:33:17 +0000