summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java98
1 files changed, 51 insertions, 47 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index e17897f9d..8286cf319 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
+
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -36,41 +37,44 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
+
/**
- * KeyAlgorithmConstraints enforces a constraint that the RA or a CA honor only
- * the keys generated using one of the permitted algorithms such as RSA, DSA or
- * DH.
+ * KeyAlgorithmConstraints enforces a constraint that the RA or a CA
+ * honor only the keys generated using one of the permitted algorithms
+ * such as RSA, DSA or DH.
* <P>
- *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class KeyAlgorithmConstraints extends APolicyRule implements
- IEnrollmentPolicy, IExtendedPluginInfo {
+public class KeyAlgorithmConstraints extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mAlgorithms;
private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
private final static String PROP_ALGORITHMS = "algorithms";
- private final static String[] supportedAlgorithms = { "RSA", "DSA", "DH" };
+ private final static String[] supportedAlgorithms =
+ {"RSA", "DSA", "DH" };
private final static Vector defConfParams = new Vector();
static {
- defConfParams.addElement(PROP_ALGORITHMS + "=" + DEF_KEY_ALGORITHM);
+ defConfParams.addElement(PROP_ALGORITHMS + "=" +
+ DEF_KEY_ALGORITHM);
}
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
"algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
- IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-policyrules-keyalgorithmconstraints",
- IExtendedPluginInfo.HELP_TEXT
- + ";Rejects the request if the key in the certificate is "
- + "not of the type specified" };
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-policyrules-keyalgorithmconstraints",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";Rejects the request if the key in the certificate is " +
+ "not of the type specified"
+ };
return params;
}
@@ -83,17 +87,17 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+ * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
mAlgorithms = new Vector();
@@ -108,10 +112,10 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
try {
algNames = config.getString(PROP_ALGORITHMS, null);
} catch (Exception e) {
- String[] params = { getInstanceName(), e.toString() };
+ String[] params = {getInstanceName(), e.toString()};
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_INVALID_POLICY_CONFIG", params));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
if (algNames == null) {
@@ -129,10 +133,11 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
}
// Check if configured algorithms are supported.
- for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) {
+ for (Enumeration e = mAlgorithms.elements();
+ e.hasMoreElements();) {
int i;
String configuredAlg = (String) e.nextElement();
-
+
// See if it is a supported algorithm.
for (i = 0; i < supportedAlgorithms.length; i++) {
if (configuredAlg.equals(supportedAlgorithms[i]))
@@ -141,17 +146,17 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
// Did we not find it?
if (i == supportedAlgorithms.length)
- throw new EPolicyException(CMS.getUserMessage(
- "CMS_POLICY_UNSUPPORTED_KEY_ALG", getInstanceName(),
- configuredAlg));
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
+ getInstanceName(), configuredAlg));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -161,9 +166,8 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
try {
// Get the certificate info from the request
// X509CertInfo certInfo[] = (X509CertInfo[])
- // req.get(IRequest.CERT_INFO);
- X509CertInfo certInfo[] = req
- .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // req.get(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
// We need to have a certificate info set
if (certInfo == null) {
@@ -174,23 +178,22 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
// Else check if the key algorithm is supported.
for (int i = 0; i < certInfo.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key) certInfo[i]
- .get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key)
+ certInfo[i].get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().getName().toUpperCase();
if (!mAlgorithms.contains(alg)) {
- setError(req, CMS.getUserMessage(
- "CMS_POLICY_KEY_ALG_VIOLATION", getInstanceName(),
- alg), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
+ getInstanceName(), alg), "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- String params[] = { getInstanceName(), e.toString() };
+ String params[] = {getInstanceName(), e.toString()};
- setError(req, CMS.getUserMessage(
- "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -198,10 +201,10 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector v = new Vector();
StringBuffer sb = new StringBuffer();
@@ -214,13 +217,14 @@ public class KeyAlgorithmConstraints extends APolicyRule implements
v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
return v;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
+
generated by cgit (git 2.34.1) at 2024-07-03 11:14:37 +0000