summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/constraints
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java17
5 files changed, 21 insertions, 17 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
index 09feb2766..b0e27501e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
@@ -72,7 +72,7 @@ public class IssuerConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Rejects the request if the issuer in the certificate is" +
"not of the one specified"
- };
+ };
return params;
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 2b220cb8f..185bceed9 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -84,7 +84,7 @@ public class RenewalConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Permit administrator to decide policy on whether to " +
"permit renewals for already-expired certificates"
- };
+ };
return params;
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 862f8ac5a..b2f654b77 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -86,8 +86,10 @@ public class RenewalValidityConstraints extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_MIN_VALIDITY + ";number;Specifies the minimum validity period, in days, for renewed certificates.",
- PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
+ PROP_MIN_VALIDITY
+ + ";number;Specifies the minimum validity period, in days, for renewed certificates.",
+ PROP_MAX_VALIDITY
+ + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
PROP_RENEWAL_INTERVAL
+ ";number;Specifies how many days before its expiration that a certificate can be renewed.",
IExtendedPluginInfo.HELP_TOKEN +
@@ -95,7 +97,7 @@ public class RenewalValidityConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Reject renewal request if the certificate is too far " +
"before it's expiry date"
- };
+ };
return params;
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 1dd99702f..8c2ba0796 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -376,7 +376,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
String[] params = null;
String[] params_BOTH = {
- PROP_ALGORITHMS + ";"
+ PROP_ALGORITHMS
+ + ";"
+ "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA,"
+
"MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
@@ -399,7 +400,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Restricts the requested signing algorithm to be one of" +
" the algorithms supported by Certificate System"
- };
+ };
String[] params_RSA = {
PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
@@ -414,7 +415,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Restricts the requested signing algorithm to be one of" +
" the algorithms supported by Certificate System"
- };
+ };
String[] params_DSA = {
PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
@@ -424,7 +425,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Restricts the requested signing algorithm to be one of" +
" the algorithms supported by Certificate System"
- };
+ };
switch (mDefaultAllowedAlgs.length) {
case 1:
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index a3eeae98c..8c106800a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -94,7 +94,7 @@ public class UniqueSubjectNameConstraints extends APolicyRule
IExtendedPluginInfo.HELP_TEXT +
";Rejects a request if there exists an unrevoked, unexpired " +
"certificate with the same subject name"
- };
+ };
return params;
@@ -185,14 +185,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule
String filter = "x509Cert.subject=" + certSubjectName;
// subject name is indexed, so we only use subject name
// in the filter
- Enumeration matched =
+ Enumeration<ICertRecord> matched =
mCA.getCertificateRepository().findCertRecords(filter);
while (matched.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) matched.nextElement();
+ ICertRecord rec = matched.nextElement();
String status = rec.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED)
+ if (status.equals(ICertRecord.STATUS_REVOKED)
+ || status.equals(ICertRecord.STATUS_EXPIRED)
|| status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
// accept this only if we have a REVOKED,
// EXPIRED or REVOKED_EXPIRED certificate
@@ -287,8 +288,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
*
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
- Vector confParams = new Vector();
+ public Vector<String> getInstanceParams() {
+ Vector<String> confParams = new Vector<String>();
confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
"=" + mPreAgentApprovalChecking);
@@ -302,8 +303,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
*
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
- Vector defParams = new Vector();
+ public Vector<String> getDefaultParams() {
+ Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
defParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING + "=");
generated by cgit (git 2.34.1) at 2024-07-06 17:47:16 +0000