Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java | 148 |
1 files changed, 72 insertions, 76 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java index b641d91ed..023d704fb 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Enumeration; @@ -43,12 +42,11 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Authority Information Access extension policy. * If this policy is enabled, it adds an authority * information access extension to the certificate. - * + * * The following listed sample configuration parameters: * * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt 
@@ -67,33 +65,34 @@ import com.netscape.cms.policy.APolicyRule; * ca.Policy.rule.aia.enable=true * ca.Policy.rule.aia.implName=AuthInfoAccess * ca.Policy.rule.aia.predicate= - * + * * Currently, this policy only supports the following location: - * uriName:[URI], dirName:[DN] + * uriName:[URI], dirName:[DN] * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class AuthInfoAccessExt extends APolicyRule implements +public class AuthInfoAccessExt extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_CRITICAL = - "critical"; + "critical"; protected static final String PROP_AD = - "ad"; + "ad"; protected static final String PROP_METHOD = - "method"; + "method"; protected static final String PROP_LOCATION = - "location"; + "location"; protected static final String PROP_LOCATION_TYPE = - "location_type"; + "location_type"; protected static final String PROP_NUM_ADS = - "numADs"; + "numADs"; public static final int MAX_AD = 5; 
@@ -108,13 +107,13 @@ public class AuthInfoAccessExt extends APolicyRule implements Vector v = new Vector(); v.addElement(PROP_CRITICAL + - ";boolean;RFC 2459 recommendation: This extension MUST be non-critical."); + ";boolean;RFC 2459 recommendation: This extension MUST be non-critical."); v.addElement(PROP_NUM_ADS + - ";number;The total number of access descriptions."); + ";number;The total number of access descriptions."); v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)"); + ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)"); v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-authinfoaccess"); + ";configuration-policyrules-authinfoaccess"); for (int i = 0; i < MAX_AD; i++) { v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); @@ -127,17 +126,15 @@ public class AuthInfoAccessExt extends APolicyRule implements /** * Initializes this policy rule. * <P> - * + * * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt - * ca.Policy.rule.<ruleName>.enable=true - * ca.Policy.rule.<ruleName>.predicate= - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate= + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; } 
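Review bot: The reflowed Javadoc on init() now joins the three sample entries `ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt`, `ca.Policy.rule.<ruleName>.enable=true` and `ca.Policy.rule.<ruleName>.predicate=` onto a single line, so the rendered documentation no longer shows them as separate configuration lines the way the old side did. The formatter rewrapped them because they are plain text in the comment; putting the example inside a `<pre>` block (as the class-level Javadoc above already does for its NOTE) keeps one entry per line and prevents the next reformat from merging them again: `* <pre>`, the three entries one per line, `* </pre>`. Pre-existing but visible in the same hunk, the bare `<ruleName>` is likely interpreted as an HTML tag by javadoc; writing it as `{@code <ruleName>}` would render it literally.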
@@ -152,7 +149,7 @@ public class AuthInfoAccessExt extends APolicyRule implements // for (int i = 0;; i++) { ObjectIdentifier methodOID = null; - String method = mConfig.getString(PROP_AD + + String method = mConfig.getString(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD, null); if (method == null) @@ -161,10 +158,10 @@ public class AuthInfoAccessExt extends APolicyRule implements if (method.equals("")) break; - // - // method ::= ocsp | caIssuers | <OID> - // OID ::= [object identifier] - // + // + // method ::= ocsp | caIssuers | <OID> + // OID ::= [object identifier] + // try { if (method.equalsIgnoreCase("ocsp")) { methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1"); @@ -185,17 +182,17 @@ public class AuthInfoAccessExt extends APolicyRule implements // TAG ::= uriName | dirName // VALUE ::= [value defined by TAG] // - String location_type = mConfig.getString(PROP_AD + - Integer.toString(i) + + String location_type = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION_TYPE, null); - String location = mConfig.getString(PROP_AD + - Integer.toString(i) + + String location = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION, null); if (location == null) break; GeneralName gn = CMS.form_GeneralName(location_type, location); - Vector e = new Vector(); + Vector e = new Vector(); e.addElement(methodOID); e.addElement(gn); @@ -208,7 +205,7 @@ public class AuthInfoAccessExt extends APolicyRule implements * If this policy is enabled, add the authority information * access extension to the certificate. * <P> - * + * * @param req The request on which to apply policy. * @return The policy result object. */ 
@@ -220,7 +217,7 @@ public class AuthInfoAccessExt extends APolicyRule implements IRequest.CERT_INFO); if (ci == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -228,8 +225,8 @@ public class AuthInfoAccessExt extends APolicyRule implements certInfo = ci[j]; if (certInfo == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Configuration Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -237,19 +234,19 @@ public class AuthInfoAccessExt extends APolicyRule implements try { // Find the extensions in the certInfo CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); // add access descriptions Enumeration e = getAccessDescriptions(); if (!e.hasMoreElements()) { return res; - } - + } + if (extensions == null) { // create extension if not exist certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { @@ -262,9 +259,9 @@ public class AuthInfoAccessExt extends APolicyRule implements } // Create the extension - AuthInfoAccessExtension aiaExt = new - AuthInfoAccessExtension(mConfig.getBoolean( - PROP_CRITICAL, false)); + AuthInfoAccessExtension aiaExt = new + AuthInfoAccessExtension(mConfig.getBoolean( + PROP_CRITICAL, false)); while (e.hasMoreElements()) { Vector ad = (Vector) e.nextElement(); 
@@ -277,17 +274,17 @@ public class AuthInfoAccessExt extends APolicyRule implements } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()), ""); return PolicyResult.REJECTED; // unrecoverable error. } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Configuration Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME, "Certificate Info Error"), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -298,15 +295,15 @@ public class AuthInfoAccessExt extends APolicyRule implements /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector params = new Vector(); try { - params.addElement(PROP_CRITICAL + "=" + - mConfig.getBoolean(PROP_CRITICAL, false)); + params.addElement(PROP_CRITICAL + "=" + + mConfig.getBoolean(PROP_CRITICAL, false)); } catch (EBaseException e) { params.addElement(PROP_CRITICAL + "=false"); } 
@@ -324,46 +321,46 @@ public class AuthInfoAccessExt extends APolicyRule implements String method = null; try { - method = mConfig.getString(PROP_AD + + method = mConfig.getString(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD, ""); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_METHOD + "=" + method); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_METHOD + "=" + method); String location_type = null; try { - location_type = mConfig.getString(PROP_AD + - Integer.toString(i) + "_" + PROP_LOCATION_TYPE, + location_type = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION_TYPE, IGeneralNameUtil.GENNAME_CHOICE_URL); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_LOCATION_TYPE + "=" + location_type); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_LOCATION_TYPE + "=" + location_type); String location = null; try { - location = mConfig.getString(PROP_AD + - Integer.toString(i) + "_" + PROP_LOCATION, + location = mConfig.getString(PROP_AD + + Integer.toString(i) + "_" + PROP_LOCATION, ""); } catch (EBaseException e) { } - params.addElement(PROP_AD + - Integer.toString(i) + - "_" + PROP_LOCATION + "=" + location); + params.addElement(PROP_AD + + Integer.toString(i) + + "_" + PROP_LOCATION + "=" + location); } return params; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getDefaultParams() { + public Vector getDefaultParams() { Vector defParams = new Vector(); defParams.addElement(PROP_CRITICAL + "=false"); 
@@ -375,14 +372,13 @@ public class AuthInfoAccessExt extends APolicyRule implements // the CMS.cfg // for (int i = 0; i < MAX_AD; i++) { - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_METHOD + "="); - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL); - defParams.addElement(PROP_AD + Integer.toString(i) + - "_" + PROP_LOCATION + "="); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_METHOD + "="); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL); + defParams.addElement(PROP_AD + Integer.toString(i) + + "_" + PROP_LOCATION + "="); } return defParams; } } - |