Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java | 141 |
1 files changed, 69 insertions, 72 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java index 7f7537bfe..839a81342 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * RSAKeyConstraints policy enforces min and max size of the key. - * Optionally checks the exponents. + * RSAKeyConstraints policy enforces min and max size of the key. Optionally + * checks the exponents. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class RSAKeyConstraints extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { +public class RSAKeyConstraints extends APolicyRule implements + IEnrollmentPolicy, IExtendedPluginInfo { private Vector mExponents; private int mMinSize; private int mMaxSize; 
@@ -79,13 +78,13 @@ public class RSAKeyConstraints extends APolicyRule String[] params = { PROP_MIN_SIZE + ";number;Minimum size of user's RSA key (bits)", PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)", - PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-rsakeyconstraints", - IExtendedPluginInfo.HELP_TEXT + - ";Reject request if RSA key length is not within the " + - "specified constraints" - }; + PROP_EXPONENTS + + ";string;Comma-separated list of permissible exponents", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-policyrules-rsakeyconstraints", + IExtendedPluginInfo.HELP_TEXT + + ";Reject request if RSA key length is not within the " + + "specified constraints" }; return params; } 
@@ -98,40 +97,40 @@ public class RSAKeyConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minSize=512 - * ra.Policy.rule.<ruleName>.maxSize=2048 - * ra.Policy.rule.<ruleName>.predicate=ou==Marketing - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.minSize=512 + * ra.Policy.rule.<ruleName>.maxSize=2048 + * ra.Policy.rule.<ruleName>.predicate=ou==Marketing + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (config == null || config.size() == 0) - throw new EPolicyException( - CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG", - getInstanceName())); + throw new EPolicyException(CMS.getUserMessage( + "CMS_POLICY_MISSING_POLICY_CONFIG", getInstanceName())); String exponents = null; // Get Min and Max sizes mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE); mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE); - if (mMinSize <= 0) - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE)); - if (mMaxSize <= 0) - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE)); + if (mMinSize <= 0) + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE)); + if (mMaxSize <= 0) + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE)); - if (mMinSize > mMaxSize) - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE)); + if (mMinSize > mMaxSize) + throw new EBaseException(CMS.getUserMessage( + 
"CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, + PROP_MAX_SIZE)); mExponents = new Vector(); @@ -149,11 +148,11 @@ public class RSAKeyConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), exponents, - PROP_EXPONENTS}; + String[] params = { getInstanceName(), exponents, + PROP_EXPONENTS }; - throw new EPolicyException( - CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params)); + throw new EPolicyException(CMS.getUserMessage( + "CMS_POLICY_INVALID_CONFIG_PARAM", params)); } } } @@ -161,8 +160,8 @@ public class RSAKeyConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -171,20 +170,20 @@ public class RSAKeyConstraints extends APolicyRule try { // Get the certificate info from the request - X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = req + .getExtDataInCertInfoArray(IRequest.CERT_INFO); // There should be a certificate info set. if (certInfo == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } // Else check if the key size(s) are within the limit. for (int i = 0; i < certInfo.length; i++) { - CertificateX509Key certKey = (CertificateX509Key) - certInfo[i].get(X509CertInfo.KEY); + CertificateX509Key certKey = (CertificateX509Key) certInfo[i] + .get(X509CertInfo.KEY); X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().toString(); 
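Review bot: The sample configuration in the init() Javadoc (hunk -98,40) still shows `minSize=512`, and operators tend to copy such examples verbatim; a 512-bit RSA floor is far below what is considered acceptable today. I would change the example to `ra.Policy.rule.<ruleName>.minSize=2048` and `ra.Policy.rule.<ruleName>.maxSize=4096`, or add a line saying the values are illustrative only. init() itself only checks that both sizes are positive and that min does not exceed max, so nothing in the visible code stops a weak floor from being configured; the value of DEF_MIN_SIZE is outside the hunk and worth checking too. The rest of init() continues past this hunk.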
@@ -193,28 +192,25 @@ public class RSAKeyConstraints extends APolicyRule X509Key newkey = null; try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); + newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); } catch (Exception e) { - CMS.debug( "RSAKeyConstraints::apply() - " - + "Exception="+e.toString() ); - setError( req, - CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION", - getInstanceName() ), - "" ); + CMS.debug("RSAKeyConstraints::apply() - " + "Exception=" + + e.toString()); + setError(req, + CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", + getInstanceName()), ""); return PolicyResult.REJECTED; } RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); int keySize = rsaKey.getKeySize(); if (keySize < mMinSize || keySize > mMaxSize) { - String[] params = {getInstanceName(), - String.valueOf(keySize), - String.valueOf(mMinSize), - String.valueOf(mMaxSize)}; + String[] params = { getInstanceName(), + String.valueOf(keySize), String.valueOf(mMinSize), + String.valueOf(mMaxSize) }; - setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION", - params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_KEY_SIZE_VIOLATION", params), ""); result = PolicyResult.REJECTED; } 
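Review bot: In the catch around `new X509Key(AlgorithmId.get("RSA"), key.getKey())`, the rejection reuses `CMS_POLICY_KEY_SIZE_VIOLATION` but passes only `getInstanceName()`, while the size check a few lines below supplies four values (instance, actual size, min, max) for the same message key. The template is not visible here, but it presumably expects all four, so the request error and any audit record would carry a malformed and misleading reason for what is really a key-decoding failure. Consider a dedicated message for the decode failure, or at least a full parameter array, and include the request context in the `CMS.debug` line rather than only `e.toString()`. Rejecting the request on this path is the right fail-closed behaviour and should stay; apply() starts and ends outside this hunk.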
@@ -226,26 +222,28 @@ public class RSAKeyConstraints extends APolicyRule if (!mExponents.contains(exp)) { StringBuffer sb = new StringBuffer(); - for (Enumeration e = mExponents.elements(); - e.hasMoreElements();) { + for (Enumeration e = mExponents.elements(); e + .hasMoreElements();) { BigInt bi = (BigInt) e.nextElement(); sb.append(bi.toBigInteger().toString()); sb.append(" "); } - String[] params = {getInstanceName(), - exp.toBigInteger().toString(), new String(sb)}; + String[] params = { getInstanceName(), + exp.toBigInteger().toString(), new String(sb) }; - setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_EXPONENT_VIOLATION", params), ""); result = PolicyResult.REJECTED; } } } } catch (Exception e) { // e.printStackTrace(); - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; } return result; @@ -253,10 +251,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize); @@ -275,11 +273,10 @@ public class RSAKeyConstraints extends APolicyRule /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { return defConfParams; } } - |