Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java
new file mode 100644
index 000000000..1a866f737
--- /dev/null
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java
@@ -0,0 +1,158 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2014 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package org.dogtagpki.server.tps;
+
+import org.dogtagpki.server.tps.dbs.TokenRecord;
+import org.dogtagpki.tps.main.TPSException;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.IConfigStore;
+
+/*
+ * TPSTokenPolicy - handles token enrollment related policies
+ *
+ * @author cfu
+ */
+public class TPSTokenPolicy {
+ private TPSSubsystem tps;
+ private static final String DEFAULT_POLICY_SET_STRING =
+ "RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO";
+ private boolean re_enroll = true;
+ private boolean renew = false;
+ private boolean force_format = false;
+ private boolean pin_reset = true;
+ private boolean reset_pin_reset_to_no = false;
+
+ public TPSTokenPolicy (TPSSubsystem tps) throws TPSException {
+ if (tps == null) {
+ String msg = "TPSTokenPolicy.TPSTokenPolicy: tps cannnot be null";
+ CMS.debug(msg);
+ throw new TPSException(msg);
+ }
+ this.tps = tps;
+ // init from config first
+ String policySetString = getDefaultPolicySetString();
+ parsePolicySetString(policySetString);
+
+ }
+
+ public String getDefaultPolicySetString() {
+ IConfigStore configStore = CMS.getConfigStore();
+ String configName = "tokendb.defaultPolicy";
+ String policySetString;
+ try {
+ policySetString = configStore.getString(configName);
+ } catch (EPropertyNotFound e) {
+ policySetString = DEFAULT_POLICY_SET_STRING;
+ } catch (EBaseException e) {
+ policySetString = DEFAULT_POLICY_SET_STRING;
+ }
+
+ return policySetString;
+ }
+
+ public void parsePolicySetString (String policySetString) {
+ if (policySetString == null)
+ return; // take the default
+
+ String[] policySet = policySetString.split(";");
+ for (String policyString : policySet) {
+ String[] policy = policyString.split("=");
+ if (policy[0].equalsIgnoreCase("RE_ENROLL"))
+ re_enroll = getBool(policy[1], true);
+ else if (policy[0].equalsIgnoreCase("RENEW"))
+ renew = getBool(policy[1], false);
+ else if (policy[0].equalsIgnoreCase("FORCE_FORMAT"))
+ force_format = getBool(policy[1], false);
+ else if (policy[0].equalsIgnoreCase("PIN_RESET"))
+ pin_reset = getBool(policy[1], false);
+ else if (policy[0].equalsIgnoreCase("RESET_PIN_RESET_TO_NO"))
+ reset_pin_reset_to_no = getBool(policy[1], false);
+ //else no change, just take the default;
+ }
+ }
+
+/*
+ * getBool translates string to boolean:
+ * true: "YES", "yes", "TRUE", "true"
+ * false: "NO", "no", "FALSE", "false"
+ *
+ * if tring is null or Anything othrer than the above, defaultbool is returned
+ */
+ private boolean getBool(String string, boolean defaultBool) {
+ if (string == null)
+ return defaultBool;
+
+ if (string.equalsIgnoreCase("YES") ||
+ string.equalsIgnoreCase("true")) {
+ return true;
+ } else if (string.equalsIgnoreCase("NO") ||
+ string.equalsIgnoreCase("false")) {
+ return false;
+ }
+
+ return defaultBool;
+ }
+
+ private void getUpdatedPolicy(String cuid) {
+ // note: default policy already initialized in the constructor
+ TokenRecord tokenRecord = null;
+ String policySetString = null;
+ try {
+ tokenRecord = tps.tdb.tdbGetTokenEntry(cuid);
+ } catch (Exception e) {
+ // just take the default;
+ return;
+ }
+
+ policySetString = tokenRecord.getPolicy();
+ parsePolicySetString(policySetString);
+ }
+
+ public boolean isAllowedTokenPinReset(String cuid) {
+ getUpdatedPolicy(cuid);
+
+ return reset_pin_reset_to_no;
+ }
+
+ public boolean isAllowedPinReset(String cuid) {
+ getUpdatedPolicy(cuid);
+
+ return pin_reset;
+ }
+
+ public boolean isForceTokenFormat(String cuid) {
+ getUpdatedPolicy(cuid);
+
+ return force_format;
+ }
+
+ public boolean isAllowdTokenReenroll(String cuid) {
+ getUpdatedPolicy(cuid);
+
+ return re_enroll;
+ }
+
+ public boolean isAllowdTokenRenew(String cuid) {
+ getUpdatedPolicy(cuid);
+
+ return renew;
+ }
+}
\ No newline at end of file |
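Review bot: `getUpdatedPolicy` overwrites the instance flags with one token's policy and never restores the defaults, so when a later lookup throws (the `catch (Exception e)` just returns) or that token's record has a null or partial policy string, `isAllowedPinReset`, `isAllowdTokenRenew` and the other accessors answer with whatever the previously parsed token left behind. If one `TPSTokenPolicy` instance serves more than one CUID, which the per-call `cuid` parameter suggests but the hunk does not show, that is an authorization decision made on another token's policy, and the lookup failure is silent because nothing is logged. Re-applying the defaults before each lookup and logging the failure, as sketched below, closes that; parsing `DEFAULT_POLICY_SET_STRING` first resets all five flags because it names all of them, but the `pin_reset = true` initializer disagrees with its `PIN_RESET=NO`, so the intended default should be settled at the same time. Separately, `parsePolicySetString` reads `policy[1]` without a length check, so an entry such as `RENEW` or `RENEW=` throws `ArrayIndexOutOfBoundsException` out of the constructor or an accessor; `if (policy.length < 2) continue;` right after the `split("=")` would skip it.

```java
    private void getUpdatedPolicy(String cuid) {
        // start from the defaults on every call so flags parsed for an
        // earlier token cannot carry over to this one
        parsePolicySetString(DEFAULT_POLICY_SET_STRING);
        parsePolicySetString(getDefaultPolicySetString());

        // … unchanged: tokenRecord lookup inside try …
        } catch (Exception e) {
            // record the failure: the caller is about to decide on defaults
            CMS.debug("TPSTokenPolicy.getUpdatedPolicy: token lookup failed, using default policy: " + e);
            return;
        }
        // … unchanged: parse tokenRecord.getPolicy() …
```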