summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java123
1 files changed, 59 insertions, 64 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 3d98f3c2e..b3f9298cb 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -36,30 +35,30 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* RenewalValidityConstraints is a default rule for Certificate
* Renewal. This policy enforces the no of days before which a
* currently active certificate can be renewed and sets new validity
* period for the renewed certificate starting from the the ending
* period in the old certificate.
- *
+ *
* The main parameters are:
- *
- * The renewal leadtime in days: - i.e how many days before the
- * expiry of the current certificate can one request the renewal.
- * min and max validity duration.
+ *
+ * The renewal leadtime in days: - i.e how many days before the
+ * expiry of the current certificate can one request the renewal.
+ * min and max validity duration.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RenewalValidityConstraints extends APolicyRule
- implements IRenewalPolicy, IExtendedPluginInfo {
+ implements IRenewalPolicy, IExtendedPluginInfo {
private long mMinValidity;
private long mMaxValidity;
private long mRenewalInterval;
@@ -78,11 +77,11 @@ public class RenewalValidityConstraints extends APolicyRule
static {
defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
- DEF_MIN_VALIDITY);
+ DEF_MIN_VALIDITY);
defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
- DEF_MAX_VALIDITY);
+ DEF_MAX_VALIDITY);
defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- DEF_RENEWAL_INTERVAL);
+ DEF_RENEWAL_INTERVAL);
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -91,10 +90,10 @@ public class RenewalValidityConstraints extends APolicyRule
PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-renewalvalidityconstraints",
+ ";configuration-policyrules-renewalvalidityconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Reject renewal request if the certificate is too far " +
- "before it's expiry date"
+ ";Reject renewal request if the certificate is too far " +
+ "before it's expiry date"
};
return params;
@@ -109,20 +108,15 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minValidity=30
- * ra.Policy.rule.<ruleName>.maxValidity=180
- * ra.Policy.rule.<ruleName>.renewalInterval=15
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and onfigure them.
try {
@@ -148,7 +142,7 @@ public class RenewalValidityConstraints extends APolicyRule
// minValidity can't be bigger than maxValidity.
if (mMinValidity > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
@@ -158,7 +152,7 @@ public class RenewalValidityConstraints extends APolicyRule
// Renewal interval can't be more than maxValidity.
if (mRenewalInterval > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
@@ -167,7 +161,7 @@ public class RenewalValidityConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -177,8 +171,8 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -191,15 +185,15 @@ public class RenewalValidityConstraints extends APolicyRule
try {
// Get the certificate info from the request
X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
// Get the certificates being renwed.
X509CertImpl currentCerts[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
// Both certificate info and current certs should be set
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -218,12 +212,12 @@ public class RenewalValidityConstraints extends APolicyRule
// set the validity.
for (int i = 0; i < certInfo.length; i++) {
X509CertInfo oldCertInfo = (X509CertInfo)
- currentCerts[i].get(X509CertImpl.NAME +
- "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
+ currentCerts[i].get(X509CertImpl.NAME +
+ "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity)
+ oldCertInfo.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ oldValidity.get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -233,14 +227,14 @@ public class RenewalValidityConstraints extends APolicyRule
long interval = notAfter.getTime() - now.getTime();
if (interval > mRenewalInterval) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
- getInstanceName(),
- String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
- setError(req,
- CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
- getInstanceName(),
- getCertDetails(req, currentCerts[i])), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
+ getInstanceName(),
+ String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
+ getInstanceName(),
+ getCertDetails(req, currentCerts[i])), "");
result = PolicyResult.REJECTED;
setDummyValidity(certInfo[i]);
@@ -256,19 +250,19 @@ public class RenewalValidityConstraints extends APolicyRule
// If the new notAfter is within renewal interval days from
// today or already expired, set the notBefore to today.
if (renewedNotAfter.before(now) ||
- (renewedNotAfter.getTime() - now.getTime()) <=
- mRenewalInterval) {
+ (renewedNotAfter.getTime() - now.getTime()) <=
+ mRenewalInterval) {
renewedNotBef = now;
renewedNotAfter = new Date(now.getTime() +
mMaxValidity);
}
CertificateValidity newValidity =
- new CertificateValidity(renewedNotBef, renewedNotAfter);
+ new CertificateValidity(renewedNotBef, renewedNotAfter);
certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -278,24 +272,24 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_VALIDITY + "=" +
- mMinValidity / DAYS_TO_MS_FACTOR);
+ mMinValidity / DAYS_TO_MS_FACTOR);
confParams.addElement(PROP_MAX_VALIDITY + "=" +
- mMaxValidity / DAYS_TO_MS_FACTOR);
+ mMaxValidity / DAYS_TO_MS_FACTOR);
confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- mRenewalInterval / DAYS_TO_MS_FACTOR);
+ mRenewalInterval / DAYS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -306,7 +300,7 @@ public class RenewalValidityConstraints extends APolicyRule
private void setDummyValidity(X509CertInfo certInfo) {
try {
certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(CMS.getCurrentDate(), new Date()));
+ new CertificateValidity(CMS.getCurrentDate(), new Date()));
} catch (Exception e) {
}
}
@@ -317,8 +311,8 @@ public class RenewalValidityConstraints extends APolicyRule
sb.append("\n");
sb.append("Serial No: " + cert.getSerialNumber().toString(16));
sb.append("\n");
- sb.append("Validity: " + cert.getNotBefore().toString() +
- " - " + cert.getNotAfter().toString());
+ sb.append("Validity: " + cert.getNotBefore().toString() +
+ " - " + cert.getNotAfter().toString());
sb.append("\n");
String certType = req.getExtDataInString(IRequest.CERT_TYPE);
@@ -326,11 +320,12 @@ public class RenewalValidityConstraints extends APolicyRule
certType = IRequest.SERVER_CERT;
if (certType.equals(IRequest.CLIENT_CERT)) {
- /*** Take this our - URL formulation hard to do here.
- sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
- sb.append("\n");
- sb.append("/query/certImport?op=displayByserial&serialNumber=");
- sb.append(cert.getSerialNumber().toString(16));
+ /***
+ * Take this our - URL formulation hard to do here.
+ * sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
+ * sb.append("\n");
+ * sb.append("/query/certImport?op=displayByserial&serialNumber=");
+ * sb.append(cert.getSerialNumber().toString(16));
***/
sb.append("\n");
} else {
generated by cgit (git 2.34.1) at 2024-07-01 11:40:00 +0000