summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/APolicyRule.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/APolicyRule.java180
1 files changed, 87 insertions, 93 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
index ae9c2f5e1..d9a527d68 100644
--- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy;
+
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
@@ -41,15 +42,16 @@ import com.netscape.certsrv.request.AgentApprovals;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
+
/**
- * The abstract policy rule that concrete implementations will extend.
+ * The abstract policy rule that concrete implementations will
+ * extend.
* <P>
- *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -66,16 +68,15 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Initializes the policy rule.
* <P>
- *
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public abstract void init(ISubsystem owner, IConfigStore config)
- throws EBaseException;
+ throws EBaseException;
/**
* Gets the description for this policy rule.
* <P>
- *
* @return The Description for this rule.
*/
public String getDescription() {
@@ -85,8 +86,8 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Sets a predicate expression for rule matching.
* <P>
- *
- * @param exp The predicate expression for the rule.
+ *
+ * @param exp The predicate expression for the rule.
*/
public void setPredicate(IExpression exp) {
mFilterExp = exp;
@@ -95,7 +96,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the predicate expression for the rule.
* <P>
- *
+ *
* @return The predicate expression for the rule.
*/
public IExpression getPredicate() {
@@ -105,7 +106,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the name of the policy rule.
* <P>
- *
+ *
* @return The name of the policy class.
*/
public String getName() {
@@ -113,45 +114,45 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Sets the instance name for a policy rule.
+ * Sets the instance name for a policy rule.
* <P>
- *
- * @param instanceName The name of the rule instance.
+ *
+ * @param instanceName The name of the rule instance.
*/
- public void setInstanceName(String instanceName) {
+ public void setInstanceName(String instanceName) {
mInstanceName = instanceName;
}
/**
* Returns the name of the policy rule instance.
* <P>
- *
- * @return The name of the policy rule instance if set, else the name of the
- * rule class.
+ *
+ * @return The name of the policy rule instance if set, else
+ * the name of the rule class.
*/
- public String getInstanceName() {
+ public String getInstanceName() {
return mInstanceName != null ? mInstanceName : NAME;
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public abstract PolicyResult apply(IRequest req);
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getInstanceParams();
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getDefaultParams();
@@ -160,7 +161,8 @@ public abstract class APolicyRule implements IPolicyRule {
setPolicyException(req, format, params);
}
- public void setError(IRequest req, String format, String arg1, String arg2) {
+ public void setError(IRequest req, String format, String arg1,
+ String arg2) {
Object[] np = new Object[2];
np[0] = arg1;
@@ -186,16 +188,16 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * determines whether a DEFERRED policy result should be returned by
- * checking the contents of the AgentApprovals attribute. This call should
- * be used by policy modules instead of returning PolicyResult.DEFERRED
- * directly.
+ * determines whether a DEFERRED policy result should be returned
+ * by checking the contents of the AgentApprovals attribute. This
+ * call should be used by policy modules instead of returning
+ * PolicyResult.DEFERRED directly.
* <p>
*/
protected PolicyResult deferred(IRequest req) {
// Try to find an agent approval
- AgentApprovals aa = AgentApprovals.fromStringVector(req
- .getExtDataInStringVector(AgentApprovals.class.getName()));
+ AgentApprovals aa = AgentApprovals.fromStringVector(
+ req.getExtDataInStringVector(AgentApprovals.class.getName()));
// Any approvals causes success
if (aa != null && aa.elements().hasMoreElements()) {
@@ -210,8 +212,8 @@ public abstract class APolicyRule implements IPolicyRule {
*/
protected boolean agentApproved(IRequest req) {
// Try to find an agent approval
- AgentApprovals aa = AgentApprovals.fromStringVector(req
- .getExtDataInStringVector(AgentApprovals.class.getName()));
+ AgentApprovals aa = AgentApprovals.fromStringVector(
+ req.getExtDataInStringVector(AgentApprovals.class.getName()));
// Any approvals causes success
if (aa != null && aa.elements().hasMoreElements()) {
@@ -221,11 +223,12 @@ public abstract class APolicyRule implements IPolicyRule {
}
}
- public void setPolicyException(IRequest req, String format, Object[] params) {
- if (format == null)
+ public void setPolicyException(IRequest req, String format,
+ Object[] params) {
+ if (format == null)
return;
- EPolicyException ex;
+ EPolicyException ex;
if (params == null)
ex = new EPolicyException(format);
@@ -244,12 +247,12 @@ public abstract class APolicyRule implements IPolicyRule {
* log a message for this policy rule.
*/
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "APolicyRule "
- + NAME + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+ "APolicyRule " + NAME + ": " + msg);
}
- public static KeyIdentifier createKeyIdentifier(X509Key key)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(X509Key key)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(key.getEncoded());
@@ -257,89 +260,79 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key INFO. (including algorithm ID, etc.)
* <p>
- *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
- CertificateX509Key certKey = (CertificateX509Key) certInfo
- .get(X509CertInfo.KEY);
+ CertificateX509Key certKey =
+ (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
if (certKey == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
}
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
if (key == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
}
keyId = createKeyIdentifier(key);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key BIT STRING.
* <p>
- *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
- CertificateX509Key certKey = (CertificateX509Key) certInfo
- .get(X509CertInfo.KEY);
+ CertificateX509Key certKey =
+ (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
if (certKey == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
}
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
if (key == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
}
byte[] rawKey = key.getKey();
@@ -348,21 +341,22 @@ public abstract class APolicyRule implements IPolicyRule {
md.update(rawKey);
keyId = new KeyIdentifier(md.digest());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
}
+
generated by cgit (git 2.34.1) at 2024-08-21 14:39:24 +0000