diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java')
-rw-r--r-- | base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java | 509 |
1 files changed, 509 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java new file mode 100644 index 000000000..286913c5a --- /dev/null +++ b/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java @@ -0,0 +1,509 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.profile.def; + + +import java.io.*; +import java.util.*; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.profile.*; +import com.netscape.certsrv.request.*; +import com.netscape.certsrv.property.*; +import com.netscape.certsrv.apps.*; + +import netscape.security.x509.*; +import com.netscape.cms.profile.common.*; + + +/** + * This class implements an enrollment default policy + * that populates a Key Usage extension + * into the certificate template. + * + * @version $Revision$, $Date$ + */ +public class KeyUsageExtDefault extends EnrollExtDefault { + + public static final String CONFIG_CRITICAL = "keyUsageCritical"; + public static final String CONFIG_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; + public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; + public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; + public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; + public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly"; + public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; + + public static final String VAL_CRITICAL = "keyUsageCritical"; + public static final String VAL_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String VAL_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String VAL_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String VAL_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; + public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; + public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; + public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; + public static final String VAL_ENCIPHER_ONLY = "keyUsageEncipherOnly"; + public static final String VAL_DECIPHER_ONLY = "keyUsageDecipherOnly"; + + public KeyUsageExtDefault() { + super(); + addValueName(VAL_CRITICAL); + addValueName(VAL_DIGITAL_SIGNATURE); + addValueName(VAL_NON_REPUDIATION); + addValueName(VAL_KEY_ENCIPHERMENT); + addValueName(VAL_DATA_ENCIPHERMENT); + addValueName(VAL_KEY_AGREEMENT); + addValueName(VAL_KEY_CERTSIGN); + addValueName(VAL_CRL_SIGN); + addValueName(VAL_ENCIPHER_ONLY); + addValueName(VAL_DECIPHER_ONLY); + + addConfigName(CONFIG_CRITICAL); + addConfigName(CONFIG_DIGITAL_SIGNATURE); + addConfigName(CONFIG_NON_REPUDIATION); + addConfigName(CONFIG_KEY_ENCIPHERMENT); + addConfigName(CONFIG_DATA_ENCIPHERMENT); + addConfigName(CONFIG_KEY_AGREEMENT); + addConfigName(CONFIG_KEY_CERTSIGN); + addConfigName(CONFIG_CRL_SIGN); + addConfigName(CONFIG_ENCIPHER_ONLY); + addConfigName(CONFIG_DECIPHER_ONLY); + } + + public void init(IProfile profile, IConfigStore config) + throws EProfileException { + super.init(profile, config); + } + + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); + } else if (name.equals(CONFIG_NON_REPUDIATION)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); + } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); + } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); + } else if (name.equals(CONFIG_KEY_AGREEMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); + } else if (name.equals(CONFIG_KEY_CERTSIGN)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); + } else if (name.equals(CONFIG_CRL_SIGN)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); + } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); + } else if (name.equals(CONFIG_DECIPHER_ONLY)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); + } else { + return null; + } + } + + public IDescriptor getValueDescriptor(Locale locale, String name) { + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); + } else if (name.equals(VAL_NON_REPUDIATION)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); + } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); + } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); + } else if (name.equals(VAL_KEY_AGREEMENT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); + } else if (name.equals(VAL_KEY_CERTSIGN)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); + } else if (name.equals(VAL_CRL_SIGN)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); + } else if (name.equals(VAL_ENCIPHER_ONLY)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); + } else if (name.equals(VAL_DECIPHER_ONLY)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); + } else { + return null; + } + } + + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + try { + KeyUsageExtension ext = null; + + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + + if(ext == null) { + populate(null,info); + + } + + if (name.equals(VAL_CRITICAL)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + boolean val = Boolean.valueOf(value).booleanValue(); + + if(ext == null) { + return; + } + ext.setCritical(val); + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); + } else if (name.equals(VAL_NON_REPUDIATION)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.NON_REPUDIATION, val); + } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); + } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); + } else if (name.equals(VAL_KEY_AGREEMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.KEY_AGREEMENT, val); + } else if (name.equals(VAL_KEY_CERTSIGN)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.KEY_CERTSIGN, val); + } else if (name.equals(VAL_CRL_SIGN)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.CRL_SIGN, val); + } else if (name.equals(VAL_ENCIPHER_ONLY)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); + } else if (name.equals(VAL_DECIPHER_ONLY)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { + return; + } + Boolean val = Boolean.valueOf(value); + + ext.set(KeyUsageExtension.DECIPHER_ONLY, val); + } else { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + + replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); + } catch (IOException e) { + CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } catch (EProfileException e) { + CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + } + + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + try { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + + KeyUsageExtension ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + + if(ext == null) + { + try { + populate(null,info); + + } catch (EProfileException e) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + + } + + if (name.equals(VAL_CRITICAL)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + + if (ext == null) { + return null; + } + if (ext.isCritical()) { + return "true"; + } else { + return "false"; + } + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); + + return val.toString(); + } else if (name.equals(VAL_NON_REPUDIATION)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.NON_REPUDIATION); + + return val.toString(); + } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); + + return val.toString(); + } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); + + return val.toString(); + } else if (name.equals(VAL_KEY_AGREEMENT)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_AGREEMENT); + + return val.toString(); + } else if (name.equals(VAL_KEY_CERTSIGN)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_CERTSIGN); + + return val.toString(); + } else if (name.equals(VAL_CRL_SIGN)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.CRL_SIGN); + + return val.toString(); + } else if (name.equals(VAL_ENCIPHER_ONLY)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.ENCIPHER_ONLY); + + return val.toString(); + } else if (name.equals(VAL_DECIPHER_ONLY)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { + return null; + } + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DECIPHER_ONLY); + + return val.toString(); + } else { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + } catch (IOException e) { + CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } + } + + public String getText(Locale locale) { + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_DIGITAL_SIGNATURE), + getConfig(CONFIG_NON_REPUDIATION), + getConfig(CONFIG_KEY_ENCIPHERMENT), + getConfig(CONFIG_DATA_ENCIPHERMENT), + getConfig(CONFIG_KEY_AGREEMENT), + getConfig(CONFIG_KEY_CERTSIGN), + getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_ENCIPHER_ONLY), + getConfig(CONFIG_DECIPHER_ONLY) + }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params); + + } + + /** + * Populates the request with this policy default. + */ + public void populate(IRequest request, X509CertInfo info) + throws EProfileException { + KeyUsageExtension ext = createKeyUsageExtension(); + + addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); + } + + public KeyUsageExtension createKeyUsageExtension() { + KeyUsageExtension ext = null; + boolean[] bits = new boolean[KeyUsageExtension.NBITS]; + + boolean critical = getConfigBoolean(CONFIG_CRITICAL); + + bits[0] = getConfigBoolean(CONFIG_DIGITAL_SIGNATURE); + bits[1] = getConfigBoolean(CONFIG_NON_REPUDIATION); + bits[2] = getConfigBoolean(CONFIG_KEY_ENCIPHERMENT); + bits[3] = getConfigBoolean(CONFIG_DATA_ENCIPHERMENT); + bits[4] = getConfigBoolean(CONFIG_KEY_AGREEMENT); + bits[5] = getConfigBoolean(CONFIG_KEY_CERTSIGN); + bits[6] = getConfigBoolean(CONFIG_CRL_SIGN); + bits[7] = getConfigBoolean(CONFIG_ENCIPHER_ONLY); + bits[8] = getConfigBoolean(CONFIG_DECIPHER_ONLY); + try { + ext = new KeyUsageExtension(critical, bits); + } catch (Exception e) { + CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + + e.toString()); + } + return ext; + } +} |