Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java | 85 |
1 files changed, 39 insertions, 46 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java index 7f7537bfe..57176950a 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * RSAKeyConstraints policy enforces min and max size of the key. * Optionally checks the exponents. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RSAKeyConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { + implements IEnrollmentPolicy, IExtendedPluginInfo { private Vector mExponents; private int mMinSize; private int mMaxSize; @@ -81,10 +80,10 @@ public class RSAKeyConstraints extends APolicyRule PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)", PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-rsakeyconstraints", + ";configuration-policyrules-rsakeyconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Reject request if RSA key length is not within the " + - "specified constraints" + ";Reject request if RSA key length is not within the " + + "specified constraints" }; return params; 
@@ -98,38 +97,34 @@ public class RSAKeyConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minSize=512 - * ra.Policy.rule.<ruleName>.maxSize=2048 - * ra.Policy.rule.<ruleName>.predicate=ou==Marketing - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048 ra.Policy.rule.<ruleName>.predicate=ou==Marketing + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (config == null || config.size() == 0) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG", - getInstanceName())); + getInstanceName())); String exponents = null; // Get Min and Max sizes mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE); mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE); - if (mMinSize <= 0) + if (mMinSize <= 0) throw new EBaseException( CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE)); - if (mMaxSize <= 0) + if (mMaxSize <= 0) throw new EBaseException( CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE)); - if (mMinSize > mMaxSize) + if (mMinSize > mMaxSize) throw new EBaseException( CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE)); @@ -149,8 +144,8 @@ public class RSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), exponents, - PROP_EXPONENTS}; + String[] params = { getInstanceName(), exponents, + PROP_EXPONENTS }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params)); 
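Review bot: In the Javadoc of `init()` the reformatting has joined the five sample `ra.Policy.rule.<ruleName>.*` entries into a single line, so the example no longer reads as one property per line. Wrapping the sample in `<PRE>` … `</PRE>`, as the class-level comment already does for its NOTE, would keep each entry on its own line and stop a formatter from joining them again. The comment also documents only `config`; a line such as `@param owner The subsystem that owns this rule` (wording to be confirmed against the interface) is missing. Since the sample is being touched anyway, `minSize=512` is a weak RSA floor to show as an example, and the checks visible in this hunk only reject sizes `<= 0`.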
@@ -161,8 +156,8 @@ public class RSAKeyConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -172,11 +167,11 @@ public class RSAKeyConstraints extends APolicyRule try { // Get the certificate info from the request X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // There should be a certificate info set. if (certInfo == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } @@ -184,7 +179,7 @@ public class RSAKeyConstraints extends APolicyRule // Else check if the key size(s) are within the limit. for (int i = 0; i < certInfo.length; i++) { CertificateX509Key certKey = (CertificateX509Key) - certInfo[i].get(X509CertInfo.KEY); + certInfo[i].get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().toString(); 
@@ -196,22 +191,22 @@ public class RSAKeyConstraints extends APolicyRule newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); } catch (Exception e) { - CMS.debug( "RSAKeyConstraints::apply() - " - + "Exception="+e.toString() ); - setError( req, - CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION", - getInstanceName() ), - "" ); + CMS.debug("RSAKeyConstraints::apply() - " + + "Exception=" + e.toString()); + setError(req, + CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", + getInstanceName()), + ""); return PolicyResult.REJECTED; } RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); int keySize = rsaKey.getKeySize(); if (keySize < mMinSize || keySize > mMaxSize) { - String[] params = {getInstanceName(), - String.valueOf(keySize), + String[] params = { getInstanceName(), + String.valueOf(keySize), String.valueOf(mMinSize), - String.valueOf(mMaxSize)}; + String.valueOf(mMaxSize) }; setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", params), ""); @@ -226,15 +221,14 @@ public class RSAKeyConstraints extends APolicyRule if (!mExponents.contains(exp)) { StringBuffer sb = new StringBuffer(); - for (Enumeration e = mExponents.elements(); - e.hasMoreElements();) { + for (Enumeration e = mExponents.elements(); e.hasMoreElements();) { BigInt bi = (BigInt) e.nextElement(); sb.append(bi.toBigInteger().toString()); sb.append(" "); } - String[] params = {getInstanceName(), - exp.toBigInteger().toString(), new String(sb)}; + String[] params = { getInstanceName(), + exp.toBigInteger().toString(), new String(sb) }; setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), ""); result = PolicyResult.REJECTED; 
@@ -243,7 +237,7 @@ public class RSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -253,10 +247,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize); @@ -275,11 +269,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } - |