diff options
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/profile')
5 files changed, 45 insertions, 31 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index c0a9758da..b0cc927b2 100644 --- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java @@ -17,11 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; -import netscape.security.x509.X509CertImpl; - import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; +import netscape.security.x509.X509CertImpl; + /** * This class represents an abstract class for CA enrollment * constraint. @@ -38,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { /** * Retrieves the CA certificate. */ - public X509CertImpl getCACert() { + public X509CertImpl getCACert() throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index a7a159de3..77585c076 100644 --- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -21,11 +21,8 @@ import java.io.IOException; import java.util.Date; import java.util.Locale; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.ERejectException; @@ -37,6 +34,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; +import netscape.security.x509.CertificateValidity; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * This class implements the validity constraint. * It checks if the validity in the certificate @@ -56,7 +57,12 @@ public class CAValidityConstraint extends CAEnrollConstraint { public void init(IProfile profile, IConfigStore config) throws EProfileException { super.init(profile, config); - X509CertImpl caCert = getCACert(); + X509CertImpl caCert; + try { + caCert = getCACert(); + } catch (EBaseException e) { + throw new EProfileException(e); + } mDefNotBefore = caCert.getNotBefore(); mDefNotAfter = caCert.getNotAfter(); diff --git a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index bd71a4ef8..e2208aba7 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -21,6 +21,7 @@ import java.io.IOException; import java.util.Locale; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ca.AuthorityID; import com.netscape.certsrv.ca.ICertificateAuthority; @@ -173,12 +174,17 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { if (ca == null) throw new EProfileException("Could not reach requested CA"); - AuthorityKeyIdentifierExtension ext = createExtension(ca, info); + AuthorityKeyIdentifierExtension ext; + try { + ext = createExtension(ca, info); + } catch (EBaseException e) { + throw new EProfileException(e); + } addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); } public AuthorityKeyIdentifierExtension createExtension( - ICertificateAuthority ca, X509CertInfo info) { + ICertificateAuthority ca, X509CertInfo info) throws EBaseException { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java index 696830ead..14484e0c3 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -22,6 +22,10 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; + import netscape.security.x509.CertificateX509Key; import netscape.security.x509.KeyIdentifier; import netscape.security.x509.PKIXExtensions; @@ -30,9 +34,6 @@ import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; import netscape.security.x509.X509Key; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.ca.ICertificateAuthority; - /** * This class implements an abstract CA specific * Enrollment default. This policy can only be @@ -68,7 +69,7 @@ public abstract class CAEnrollDefault extends EnrollDefault { return null; } - public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) { + public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) throws EBaseException { X509CertImpl caCert = ca.getCACert(); if (caCert == null) { // during configuration, we dont have the CA certificate diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java index 8a6fa4cef..00d669e37 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -24,6 +24,23 @@ import java.util.NoSuchElementException; import java.util.StringTokenizer; import java.util.Vector; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IAttrSet; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IPrettyPrintFormat; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.pattern.Pattern; +import com.netscape.certsrv.profile.EProfileException; +import com.netscape.certsrv.profile.ICertInfoPolicyDefault; +import com.netscape.certsrv.profile.IEnrollProfile; +import com.netscape.certsrv.profile.IPolicyDefault; +import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.property.EPropertyException; +import com.netscape.certsrv.property.IDescriptor; +import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.profile.common.EnrollProfile; + import netscape.security.extensions.KerberosName; import netscape.security.util.DerInputStream; import netscape.security.util.DerOutputStream; @@ -43,23 +60,6 @@ import netscape.security.x509.URIName; import netscape.security.x509.X500Name; import netscape.security.x509.X509CertInfo; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IAttrSet; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.pattern.Pattern; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ICertInfoPolicyDefault; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements an enrollment default policy. * |