Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java | 123 |
1 files changed, 59 insertions, 64 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java index 3d98f3c2e..b3f9298cb 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -36,30 +35,30 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * RenewalValidityConstraints is a default rule for Certificate * Renewal. This policy enforces the no of days before which a * currently active certificate can be renewed and sets new validity * period for the renewed certificate starting from the the ending * period in the old certificate. - * + * * The main parameters are: - * - * The renewal leadtime in days: - i.e how many days before the - * expiry of the current certificate can one request the renewal. - * min and max validity duration. + * + * The renewal leadtime in days: - i.e how many days before the + * expiry of the current certificate can one request the renewal. + * min and max validity duration. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ public class RenewalValidityConstraints extends APolicyRule - implements IRenewalPolicy, IExtendedPluginInfo { + implements IRenewalPolicy, IExtendedPluginInfo { private long mMinValidity; private long mMaxValidity; private long mRenewalInterval; 
@@ -78,11 +77,11 @@ public class RenewalValidityConstraints extends APolicyRule static { defConfParams.addElement(PROP_MIN_VALIDITY + "=" + - DEF_MIN_VALIDITY); + DEF_MIN_VALIDITY); defConfParams.addElement(PROP_MAX_VALIDITY + "=" + - DEF_MAX_VALIDITY); + DEF_MAX_VALIDITY); defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" + - DEF_RENEWAL_INTERVAL); + DEF_RENEWAL_INTERVAL); } public String[] getExtendedPluginInfo(Locale locale) { @@ -91,10 +90,10 @@ public class RenewalValidityConstraints extends APolicyRule PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.", PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.", IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-renewalvalidityconstraints", + ";configuration-policyrules-renewalvalidityconstraints", IExtendedPluginInfo.HELP_TEXT + - ";Reject renewal request if the certificate is too far " + - "before it's expiry date" + ";Reject renewal request if the certificate is too far " + + "before it's expiry date" }; return params; 
@@ -109,20 +108,15 @@ public class RenewalValidityConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.minValidity=30 - * ra.Policy.rule.<ruleName>.maxValidity=180 - * ra.Policy.rule.<ruleName>.renewalInterval=15 - * ra.Policy.rule.<ruleName>.predicate=ou==Sales - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and onfigure them. try { @@ -148,7 +142,7 @@ public class RenewalValidityConstraints extends APolicyRule // minValidity can't be bigger than maxValidity. if (mMinValidity > mMaxValidity) { - String params[] = {getInstanceName(), + String params[] = { getInstanceName(), String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR), String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) }; @@ -158,7 +152,7 @@ public class RenewalValidityConstraints extends APolicyRule // Renewal interval can't be more than maxValidity. if (mRenewalInterval > mMaxValidity) { - String params[] = {getInstanceName(), + String params[] = { getInstanceName(), String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR), String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) }; 
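Review bot: In the `init` Javadoc (hunk at -109,20) the six sample `ra.Policy.rule.<ruleName>.*` entries are now joined on a single comment line, which makes the configuration example hard to read; the hunk header's line counts (20 old, 15 new) are consistent with that merge. Putting the sample inside `<PRE>` … `</PRE>` with one entry per line, as the class-level comment already does for its NOTE, should keep a formatter from re-flowing it, and writing `&lt;ruleName&gt;` stops Javadoc from treating the placeholder as an HTML tag. The comment also documents only `config`; a `@param owner` line is missing for the first argument. The body of `init` continues outside this hunk.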
@@ -167,7 +161,7 @@ public class RenewalValidityConstraints extends APolicyRule } } catch (Exception e) { // e.printStackTrace(); - String[] params = {getInstanceName(), e.toString()}; + String[] params = { getInstanceName(), e.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params)); @@ -177,8 +171,8 @@ public class RenewalValidityConstraints extends APolicyRule /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -191,15 +185,15 @@ public class RenewalValidityConstraints extends APolicyRule try { // Get the certificate info from the request X509CertInfo certInfo[] = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); // Get the certificates being renwed. X509CertImpl currentCerts[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); // Both certificate info and current certs should be set if (certInfo == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", getInstanceName()), ""); return PolicyResult.REJECTED; } 
@@ -218,12 +212,12 @@ public class RenewalValidityConstraints extends APolicyRule // set the validity. for (int i = 0; i < certInfo.length; i++) { X509CertInfo oldCertInfo = (X509CertInfo) - currentCerts[i].get(X509CertImpl.NAME + - "." + X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); + currentCerts[i].get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) + oldCertInfo.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + oldValidity.get(CertificateValidity.NOT_AFTER); // Is the Certificate still valid? Date now = CMS.getCurrentDate(); @@ -233,14 +227,14 @@ public class RenewalValidityConstraints extends APolicyRule long interval = notAfter.getTime() - now.getTime(); if (interval > mRenewalInterval) { - setError(req, - CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME", - getInstanceName(), - String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), ""); - setError(req, - CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS", - getInstanceName(), - getCertDetails(req, currentCerts[i])), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME", + getInstanceName(), + String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS", + getInstanceName(), + getCertDetails(req, currentCerts[i])), ""); result = PolicyResult.REJECTED; setDummyValidity(certInfo[i]); 
@@ -256,19 +250,19 @@ public class RenewalValidityConstraints extends APolicyRule // If the new notAfter is within renewal interval days from // today or already expired, set the notBefore to today. if (renewedNotAfter.before(now) || - (renewedNotAfter.getTime() - now.getTime()) <= - mRenewalInterval) { + (renewedNotAfter.getTime() - now.getTime()) <= + mRenewalInterval) { renewedNotBef = now; renewedNotAfter = new Date(now.getTime() + mMaxValidity); } CertificateValidity newValidity = - new CertificateValidity(renewedNotBef, renewedNotAfter); + new CertificateValidity(renewedNotBef, renewedNotAfter); certInfo[i].set(X509CertInfo.VALIDITY, newValidity); } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; @@ -278,24 +272,24 @@ public class RenewalValidityConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); confParams.addElement(PROP_MIN_VALIDITY + "=" + - mMinValidity / DAYS_TO_MS_FACTOR); + mMinValidity / DAYS_TO_MS_FACTOR); confParams.addElement(PROP_MAX_VALIDITY + "=" + - mMaxValidity / DAYS_TO_MS_FACTOR); + mMaxValidity / DAYS_TO_MS_FACTOR); confParams.addElement(PROP_RENEWAL_INTERVAL + "=" + - mRenewalInterval / DAYS_TO_MS_FACTOR); + mRenewalInterval / DAYS_TO_MS_FACTOR); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { 
@@ -306,7 +300,7 @@ public class RenewalValidityConstraints extends APolicyRule private void setDummyValidity(X509CertInfo certInfo) { try { certInfo.set(X509CertInfo.VALIDITY, - new CertificateValidity(CMS.getCurrentDate(), new Date())); + new CertificateValidity(CMS.getCurrentDate(), new Date())); } catch (Exception e) { } } @@ -317,8 +311,8 @@ public class RenewalValidityConstraints extends APolicyRule sb.append("\n"); sb.append("Serial No: " + cert.getSerialNumber().toString(16)); sb.append("\n"); - sb.append("Validity: " + cert.getNotBefore().toString() + - " - " + cert.getNotAfter().toString()); + sb.append("Validity: " + cert.getNotBefore().toString() + + " - " + cert.getNotAfter().toString()); sb.append("\n"); String certType = req.getExtDataInString(IRequest.CERT_TYPE); @@ -326,11 +320,12 @@ public class RenewalValidityConstraints extends APolicyRule certType = IRequest.SERVER_CERT; if (certType.equals(IRequest.CLIENT_CERT)) { - /*** Take this our - URL formulation hard to do here. - sb.append("Use the following url with your CA/RA gateway spec to download the certificate."); - sb.append("\n"); - sb.append("/query/certImport?op=displayByserial&serialNumber="); - sb.append(cert.getSerialNumber().toString(16)); + /*** + * Take this our - URL formulation hard to do here. + * sb.append("Use the following url with your CA/RA gateway spec to download the certificate."); + * sb.append("\n"); + * sb.append("/query/certImport?op=displayByserial&serialNumber="); + * sb.append(cert.getSerialNumber().toString(16)); ***/ sb.append("\n"); } else { |
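Review bot: `setDummyValidity` (hunk at -306,7) still ends in an empty `catch (Exception e) { }`, so a failure to overwrite the validity on the rejection path leaves no trace. In the hunk at -233,14 the caller sets `result = PolicyResult.REJECTED` next to this call, so the request presumably still fails closed, but the requested validity would remain in `certInfo` without any record. Recording the exception in the server log, or at minimum adding a comment such as `// best effort: the request is already rejected`, would make the intent explicit for a policy rule that gates certificate renewal.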
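Review bot: In `getCertDetails` (hunk at -326,11) the disabled URL code is now re-flowed as a `/*** … ***/` block with a leading `*` on every line, so it reads like documentation rather than commented-out statements. With that block inert, the `CLIENT_CERT` branch only appends a newline; deleting the dead lines and keeping a one-line comment such as `// Download URL omitted: it cannot be formed reliably here.` would state the intent more clearly. The `else` branch continues outside the hunk.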