Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java | 98 |
1 files changed, 51 insertions, 47 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java index e17897f9d..8286cf319 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; + import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; 
@@ -36,41 +37,44 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; + /** - * KeyAlgorithmConstraints enforces a constraint that the RA or a CA honor only - * the keys generated using one of the permitted algorithms such as RSA, DSA or - * DH. + * KeyAlgorithmConstraints enforces a constraint that the RA or a CA + * honor only the keys generated using one of the permitted algorithms + * such as RSA, DSA or DH. * <P> - * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class KeyAlgorithmConstraints extends APolicyRule implements - IEnrollmentPolicy, IExtendedPluginInfo { +public class KeyAlgorithmConstraints extends APolicyRule + implements IEnrollmentPolicy, IExtendedPluginInfo { private Vector mAlgorithms; private final static String DEF_KEY_ALGORITHM = "RSA,DSA"; private final static String PROP_ALGORITHMS = "algorithms"; - private final static String[] supportedAlgorithms = { "RSA", "DSA", "DH" }; + private final static String[] supportedAlgorithms = + {"RSA", "DSA", "DH" }; private final static Vector defConfParams = new Vector(); static { - defConfParams.addElement(PROP_ALGORITHMS + "=" + DEF_KEY_ALGORITHM); + defConfParams.addElement(PROP_ALGORITHMS + "=" + + DEF_KEY_ALGORITHM); } public String[] getExtendedPluginInfo(Locale locale) { String params[] = { "algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-policyrules-keyalgorithmconstraints", - IExtendedPluginInfo.HELP_TEXT - + ";Rejects the request if the key in the certificate is " - + "not of the type specified" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-policyrules-keyalgorithmconstraints", + IExtendedPluginInfo.HELP_TEXT + + ";Rejects the request if the key in the certificate is " + + "not of the type 
specified" + }; return params; } @@ -83,17 +87,17 @@ public class KeyAlgorithmConstraints extends APolicyRule implements /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form - * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints - * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints + * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { mAlgorithms = new Vector(); @@ -108,10 +112,10 @@ public class KeyAlgorithmConstraints extends APolicyRule implements try { algNames = config.getString(PROP_ALGORITHMS, null); } catch (Exception e) { - String[] params = { getInstanceName(), e.toString() }; + String[] params = {getInstanceName(), e.toString()}; - throw new EPolicyException(CMS.getUserMessage( - "CMS_POLICY_INVALID_POLICY_CONFIG", params)); + throw new EPolicyException( + CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); } if (algNames == null) { @@ -129,10 +133,11 @@ public class KeyAlgorithmConstraints extends APolicyRule implements } // Check if configured algorithms are supported. - for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) { + for (Enumeration e = mAlgorithms.elements(); + e.hasMoreElements();) { int i; String configuredAlg = (String) e.nextElement(); - + // See if it is a supported algorithm. for (i = 0; i < supportedAlgorithms.length; i++) { if (configuredAlg.equals(supportedAlgorithms[i])) 
@@ -141,17 +146,17 @@ public class KeyAlgorithmConstraints extends APolicyRule implements // Did we not find it? if (i == supportedAlgorithms.length) - throw new EPolicyException(CMS.getUserMessage( - "CMS_POLICY_UNSUPPORTED_KEY_ALG", getInstanceName(), - configuredAlg)); + throw new EPolicyException( + CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG", + getInstanceName(), configuredAlg)); } } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -161,9 +166,8 @@ public class KeyAlgorithmConstraints extends APolicyRule implements try { // Get the certificate info from the request // X509CertInfo certInfo[] = (X509CertInfo[]) - // req.get(IRequest.CERT_INFO); - X509CertInfo certInfo[] = req - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + // req.get(IRequest.CERT_INFO); + X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // We need to have a certificate info set if (certInfo == null) { 
@@ -174,23 +178,22 @@ public class KeyAlgorithmConstraints extends APolicyRule implements // Else check if the key algorithm is supported. for (int i = 0; i < certInfo.length; i++) { - CertificateX509Key certKey = (CertificateX509Key) certInfo[i] - .get(X509CertInfo.KEY); + CertificateX509Key certKey = (CertificateX509Key) + certInfo[i].get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); if (!mAlgorithms.contains(alg)) { - setError(req, CMS.getUserMessage( - "CMS_POLICY_KEY_ALG_VIOLATION", getInstanceName(), - alg), ""); + setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION", + getInstanceName(), alg), ""); result = PolicyResult.REJECTED; } } } catch (Exception e) { - String params[] = { getInstanceName(), e.toString() }; + String params[] = {getInstanceName(), e.toString()}; - setError(req, CMS.getUserMessage( - "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + params), ""); result = PolicyResult.REJECTED; } return result; @@ -198,10 +201,10 @@ public class KeyAlgorithmConstraints extends APolicyRule implements /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector v = new Vector(); StringBuffer sb = new StringBuffer(); @@ -214,13 +217,14 @@ public class KeyAlgorithmConstraints extends APolicyRule implements v.addElement(PROP_ALGORITHMS + "=" + sb.toString()); return v; } - + /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } + |