Diffstat (limited to 'base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java')
-rw-r--r--base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java82
1 files changed, 41 insertions, 41 deletions
diff --git a/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
index 05f8e111a..823c416dc 100644
--- a/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
+++ b/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
@@ -55,11 +55,11 @@ import com.netscape.cmscore.util.Debug;
* Renewal, Revocation and KeyRecovery and KeyArchival.
* 2. To apply the configured policies on the given request.
* 3. To enable policy listing/configuration via MCC console.
- *
+ *
* Since the policy processor also implements the IPolicy interface
* the processor itself presents itself as one big policy to the
* request processor.
- *
+ *
* @deprecated
* @author kanda
* @version $Revision$, $Date$
@@ -126,7 +126,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
/**
* Returns the configuration store.
* <P>
- *
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -136,7 +136,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
/**
* Initializes the PolicyProcessor
* <P>
- *
+ *
* @param owner owner of this subsystem
* @param config configuration of this subsystem
* @exception EBaseException failed to initialize this Subsystem.
@@ -323,7 +323,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
} catch (Throwable e) {
mAuthority.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_POLICY_INIT_FAILED", instanceName, e.toString()));
- // disable rule initialized if there is
+ // disable rule initialized if there is
// configuration error
enabled = false;
c.putString(PROP_ENABLE, "false");
@@ -372,7 +372,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
/**
* Apply policies on the given request.
- *
+ *
* @param IRequest The given request
* @return The policy result object.
*/
@@ -384,9 +384,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
if (op == null) {
CMS.debug("GenericPolicyProcessor: apply op null");
// throw new AssertionException("Missing operation type in request. Can't happen!");
- // Return ACCEPTED for now. Looks like even get CA chain
- // is being passed in here with request type set elsewhere
- // on the request.
+ // Return ACCEPTED for now. Looks like even get CA chain
+ // is being passed in here with request type set elsewhere
+ // on the request.
return PolicyResult.ACCEPTED;
}
if (isProfileRequest(req)) {
@@ -920,7 +920,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
// Predicate for the persistent rule can't be changed.
ht.put(IPolicyRule.PROP_ENABLE, String.valueOf(active));
- // put old config store parameters first.
+ // put old config store parameters first.
for (Enumeration<String> oldkeys = oldStore.keys(); oldkeys.hasMoreElements();) {
String k = (String) oldkeys.nextElement();
String v = (String) oldStore.getString(k);
@@ -957,7 +957,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
// Try to initialize this rule.
newRule.init(this, newStore);
- // If we are successfully initialized, replace the rule
+ // If we are successfully initialized, replace the rule
// instance
policyInstance.setRule(newRule);
policyInstance.setActive(active);
@@ -1161,26 +1161,26 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
/**
* Initializes the default system policies. Currently there is only
* one policy - ManualAuthentication. More may be added later on.
- *
+ *
* The default policies may be disabled - for example to over-ride
* agent approval for testing the system by setting the following
* property in the config file:
- *
+ *
* <subsystemId>.Policy.systemPolicies.enable=false
- *
+ *
* By default the value for this property is true.
- *
+ *
* Users can over-ride the default system policies by listing their
* 'custom' system policies under the following property:
- *
+ *
* <subsystemId>.Policy.systemPolicies=<system policy1 class path>,
* <system policy2 class path>
- *
+ *
* There can only be one instance of the system policy in the system
* and will apply to all requests, and hence predicates are not used
* for a system policy. Due to the same reason, these properties are
* not configurable using the Console.
- *
+ *
* A System policy may read config properties from a subtree under
* <subsystemId>.Policy.systemPolicies.<ClassName>. An example is
* ra.Policy.systemPolicies.ManualAuthentication.param1=value
@@ -1221,7 +1221,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
mSystemDefaults = DEF_POLICIES;
}
- // Now Initialize the rules. These defaults have only one
+ // Now Initialize the rules. These defaults have only one
// instance and the rule name is the name of the class itself.
// Any configuration parameters required could be read from
// <subsystemId>.Policy.default.RuleName.
@@ -1268,84 +1268,84 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
/**
* Read list of undeletable policies if any configured in the
* system.
- *
+ *
* These are required to protect the system from being misconfigured
* to the point that the requests wouldn't serialize or certain
* fields in the certificate(s) being checked will go unchecked
* ..etc.
- *
+ *
* For now the following policies are undeletable:
- *
+ *
* DirAuthRule: This is a default DirectoryAuthentication policy
* for user certificates that interprets directory
* credentials. The presence of this policy is needed
* if the OOTB DirectoryAuthentication-based automatic
* certificate issuance is supported.
- *
+ *
* DefaultUserNameRule: This policy verifies/sets subjectDn for user
* certificates.
- *
+ *
* DefaultServerNameRule: This policy verifies/sets subjectDn for
* server certificates.
- *
+ *
* DefaultValidityRule: Verifies/sets validty for all certificates.
- *
+ *
* DefaultRenewalValidityRule: Verifies/sets validity for certs being
* renewed.
- *
+ *
* The 'undeletables' cannot be deleted from the config file, nor
* can the be disabled. If any predicates are associated with them
* the predicates can't be changed either. But, other config parameters
* such as maxValidity, renewalInterval ..etc can be changed to suit
* local policy requirements.
- *
+ *
* During start up the policy processor will verify if the undeletables
* are present, and that they are enabled and that their predicates are
* not changed.
- *
+ *
* The rules mentioned above are currently hard coded. If these need to
* read from the config file, the 'undeletables' can be configured as
* as follows:
- *
+ *
* <subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
* Example:
* ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule,
* DefaultRenewalValidityRule
- *
+ *
* The predicates if any associated with them may be configured as
* follows:
* <subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client.
- *
+ *
* where subsystemId is ra or ca.
- *
+ *
* If the undeletables are configured in the file,the configured entries
* take precedence over the hardcoded ones in this file. If you are
* configuring them in the file, please remember to configure the
* predicates if applicable.
- *
+ *
* During policy configuration from MCC, the policy processor will not
* let you delete an 'undeletable', nor will it let you disable it.
* You will not be able to change the predicate either. Other parameters
* can be configured as needed.
- *
+ *
* If a particular rule needs to be removed from the 'undeletables',
* either remove it from the hard coded list above, or configure the
* rules required rules only via the config file. The former needs
* recompilation of the source. The later is flexible to be able to
* make any rule an 'undeletable' or nor an 'undeletable'.
- *
+ *
* Example: We want to use only manual forms for enrollment.
* We do n't need to burn in DirAuthRule. We need to configure all
* other rules except the DirAuthRule as follows:
- *
+ *
* ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule,
* DefaultRenewalValidityRule
- *
+ *
* The following predicates are necessary:
- *
+ *
* ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client
* ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server
- *
+ *
* The other two rules do not have any predicates.
*/
private void initUndeletablePolicies(IConfigStore mConfig)
@@ -1375,7 +1375,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
return;
}
- // For each rule read from the config file, see if any
+ // For each rule read from the config file, see if any
// predicate is set.
mUndeletablePolicies = new Hashtable<String, IExpression>();
for (Enumeration<String> e = rules.elements(); e.hasMoreElements();) {