diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints')
5 files changed, 21 insertions, 17 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java index 09feb2766..b0e27501e 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java @@ -72,7 +72,7 @@ public class IssuerConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Rejects the request if the issuer in the certificate is" + "not of the one specified" - }; + }; return params; diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java index 2b220cb8f..185bceed9 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java @@ -84,7 +84,7 @@ public class RenewalConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Permit administrator to decide policy on whether to " + "permit renewals for already-expired certificates" - }; + }; return params; diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java index 862f8ac5a..b2f654b77 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java @@ -86,8 +86,10 @@ public class RenewalValidityConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_MIN_VALIDITY + ";number;Specifies the minimum validity period, in days, for renewed certificates.", - PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.", + PROP_MIN_VALIDITY + + ";number;Specifies the minimum validity period, in days, for renewed certificates.", + PROP_MAX_VALIDITY + + ";number;Specifies the maximum validity period, in days, for renewed certificates.", PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.", IExtendedPluginInfo.HELP_TOKEN + @@ -95,7 +97,7 @@ public class RenewalValidityConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Reject renewal request if the certificate is too far " + "before it's expiry date" - }; + }; return params; diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java index 1dd99702f..8c2ba0796 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java @@ -376,7 +376,8 @@ public class SigningAlgorithmConstraints extends APolicyRule String[] params = null; String[] params_BOTH = { - PROP_ALGORITHMS + ";" + PROP_ALGORITHMS + + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + @@ -399,7 +400,7 @@ public class SigningAlgorithmConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Restricts the requested signing algorithm to be one of" + " the algorithms supported by Certificate System" - }; + }; String[] params_RSA = { PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + @@ -414,7 +415,7 @@ public class SigningAlgorithmConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Restricts the requested signing algorithm to be one of" + " the algorithms supported by Certificate System" - }; + }; String[] params_DSA = { PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " + @@ -424,7 +425,7 @@ public class SigningAlgorithmConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Restricts the requested signing algorithm to be one of" + " the algorithms supported by Certificate System" - }; + }; switch (mDefaultAllowedAlgs.length) { case 1: diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java index a3eeae98c..8c106800a 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java @@ -94,7 +94,7 @@ public class UniqueSubjectNameConstraints extends APolicyRule IExtendedPluginInfo.HELP_TEXT + ";Rejects a request if there exists an unrevoked, unexpired " + "certificate with the same subject name" - }; + }; return params; @@ -185,14 +185,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule String filter = "x509Cert.subject=" + certSubjectName; // subject name is indexed, so we only use subject name // in the filter - Enumeration matched = + Enumeration<ICertRecord> matched = mCA.getCertificateRepository().findCertRecords(filter); while (matched.hasMoreElements()) { - ICertRecord rec = (ICertRecord) matched.nextElement(); + ICertRecord rec = matched.nextElement(); String status = rec.getStatus(); - if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) + if (status.equals(ICertRecord.STATUS_REVOKED) + || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { // accept this only if we have a REVOKED, // EXPIRED or REVOKED_EXPIRED certificate @@ -287,8 +288,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { - Vector confParams = new Vector(); + public Vector<String> getInstanceParams() { + Vector<String> confParams = new Vector<String>(); confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=" + mPreAgentApprovalChecking); @@ -302,8 +303,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule * * @return nvPairs A Vector of name/value pairs. */ - public Vector getDefaultParams() { - Vector defParams = new Vector(); + public Vector<String> getDefaultParams() { + Vector<String> defParams = new Vector<String>(); defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "="); defParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING + "="); |