summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java148
1 files changed, 72 insertions, 76 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index b641d91ed..023d704fb 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -43,12 +42,11 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Authority Information Access extension policy.
* If this policy is enabled, it adds an authority
* information access extension to the certificate.
- *
+ *
* The following listed sample configuration parameters:
*
* ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
@@ -67,33 +65,34 @@ import com.netscape.cms.policy.APolicyRule;
* ca.Policy.rule.aia.enable=true
* ca.Policy.rule.aia.implName=AuthInfoAccess
* ca.Policy.rule.aia.predicate=
- *
+ *
* Currently, this policy only supports the following location:
- * uriName:[URI], dirName:[DN]
+ * uriName:[URI], dirName:[DN]
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AuthInfoAccessExt extends APolicyRule implements
+public class AuthInfoAccessExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL =
- "critical";
+ "critical";
protected static final String PROP_AD =
- "ad";
+ "ad";
protected static final String PROP_METHOD =
- "method";
+ "method";
protected static final String PROP_LOCATION =
- "location";
+ "location";
protected static final String PROP_LOCATION_TYPE =
- "location_type";
+ "location_type";
protected static final String PROP_NUM_ADS =
- "numADs";
+ "numADs";
public static final int MAX_AD = 5;
@@ -108,13 +107,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
Vector v = new Vector();
v.addElement(PROP_CRITICAL +
- ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
+ ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
v.addElement(PROP_NUM_ADS +
- ";number;The total number of access descriptions.");
+ ";number;The total number of access descriptions.");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
+ ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-authinfoaccess");
+ ";configuration-policyrules-authinfoaccess");
for (int i = 0; i < MAX_AD; i++) {
v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
@@ -127,17 +126,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
@@ -152,7 +149,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
//
for (int i = 0;; i++) {
ObjectIdentifier methodOID = null;
- String method = mConfig.getString(PROP_AD +
+ String method = mConfig.getString(PROP_AD +
Integer.toString(i) + "_" + PROP_METHOD, null);
if (method == null)
@@ -161,10 +158,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
if (method.equals(""))
break;
- //
- // method ::= ocsp | caIssuers | <OID>
- // OID ::= [object identifier]
- //
+ //
+ // method ::= ocsp | caIssuers | <OID>
+ // OID ::= [object identifier]
+ //
try {
if (method.equalsIgnoreCase("ocsp")) {
methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
@@ -185,17 +182,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) +
+ String location_type = mConfig.getString(PROP_AD +
+ Integer.toString(i) +
"_" + PROP_LOCATION_TYPE, null);
- String location = mConfig.getString(PROP_AD +
- Integer.toString(i) +
+ String location = mConfig.getString(PROP_AD +
+ Integer.toString(i) +
"_" + PROP_LOCATION, null);
if (location == null)
break;
GeneralName gn = CMS.form_GeneralName(location_type, location);
- Vector e = new Vector();
+ Vector e = new Vector();
e.addElement(methodOID);
e.addElement(gn);
@@ -208,7 +205,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
* If this policy is enabled, add the authority information
* access extension to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -220,7 +217,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -228,8 +225,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -237,19 +234,19 @@ public class AuthInfoAccessExt extends APolicyRule implements
try {
// Find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// add access descriptions
Enumeration e = getAccessDescriptions();
if (!e.hasMoreElements()) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
@@ -262,9 +259,9 @@ public class AuthInfoAccessExt extends APolicyRule implements
}
// Create the extension
- AuthInfoAccessExtension aiaExt = new
- AuthInfoAccessExtension(mConfig.getBoolean(
- PROP_CRITICAL, false));
+ AuthInfoAccessExtension aiaExt = new
+ AuthInfoAccessExtension(mConfig.getBoolean(
+ PROP_CRITICAL, false));
while (e.hasMoreElements()) {
Vector ad = (Vector) e.nextElement();
@@ -277,17 +274,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, e.getMessage()), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Certificate Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -298,15 +295,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "=" +
+ mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
params.addElement(PROP_CRITICAL + "=false");
}
@@ -324,46 +321,46 @@ public class AuthInfoAccessExt extends APolicyRule implements
String method = null;
try {
- method = mConfig.getString(PROP_AD +
+ method = mConfig.getString(PROP_AD +
Integer.toString(i) + "_" + PROP_METHOD,
"");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_METHOD + "=" + method);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_METHOD + "=" + method);
String location_type = null;
try {
- location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
+ location_type = mConfig.getString(PROP_AD +
+ Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
IGeneralNameUtil.GENNAME_CHOICE_URL);
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + location_type);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_LOCATION_TYPE + "=" + location_type);
String location = null;
try {
- location = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION,
+ location = mConfig.getString(PROP_AD +
+ Integer.toString(i) + "_" + PROP_LOCATION,
"");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION + "=" + location);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_LOCATION + "=" + location);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -375,14 +372,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_AD; i++) {
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_METHOD + "=");
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_METHOD + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_LOCATION + "=");
}
return defParams;
}
}
-
generated by cgit (git 2.34.1) at 2024-07-06 04:36:18 +0000