summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java207
1 files changed, 103 insertions, 104 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index e6cbddf60..a17212290 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,31 +42,26 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Certificate Scope Of Use extension policy. This extension
- * is defined in draft-thayes-cert-scope-00.txt
+ * Certificate Scope Of Use extension policy. This extension is defined in
+ * draft-thayes-cert-scope-00.txt
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class CertificateScopeOfUseExt extends APolicyRule implements
+public class CertificateScopeOfUseExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
- protected static final String PROP_CRITICAL =
- "critical";
- protected static final String PROP_ENTRY =
- "entry";
- protected static final String PROP_NAME =
- "name";
- protected static final String PROP_NAME_TYPE =
- "name_type";
- protected static final String PROP_PORT_NUMBER =
- "port_number";
+ protected static final String PROP_CRITICAL = "critical";
+ protected static final String PROP_ENTRY = "entry";
+ protected static final String PROP_NAME = "name";
+ protected static final String PROP_NAME_TYPE = "name_type";
+ protected static final String PROP_PORT_NUMBER = "port_number";
public static final int MAX_ENTRY = 5;
@@ -81,17 +75,22 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
public String[] getExtendedPluginInfo(Locale locale) {
Vector v = new Vector();
- v.addElement(PROP_CRITICAL +
- ";boolean; This extension may be either critical or non-critical.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificatescopeofuse");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Certificate Scope of Use Extension.");
+ v.addElement(PROP_CRITICAL
+ + ";boolean; This extension may be either critical or non-critical.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-certificatescopeofuse");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Certificate Scope of Use Extension.");
for (int i = 0; i < MAX_ENTRY; i++) {
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO);
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + "The port number (optional).");
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME
+ + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + ";"
+ + IGeneralNameUtil.GENNAME_CHOICE_INFO);
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + ";string;"
+ + "The port number (optional).");
}
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
@@ -99,17 +98,17 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
@@ -124,8 +123,8 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
//
for (int i = 0;; i++) {
// get port number (optional)
- String port = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
+ String port = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_PORT_NUMBER, null);
BigInt portNumber = null;
if (port != null && !port.equals("")) {
@@ -137,12 +136,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME_TYPE, null);
- String name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME, null);
+ String name_type = mConfig.getString(
+ PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE,
+ null);
+ String name = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_NAME, null);
if (name == null || name.equals(""))
break;
@@ -154,10 +152,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
}
/**
- * If this policy is enabled, add the authority information
- * access extension to the certificate.
+ * If this policy is enabled, add the authority information access extension
+ * to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -165,11 +163,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo certInfo;
- X509CertInfo[] ci = req.getExtDataInCertInfoArray(
- IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -177,64 +174,73 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// add access descriptions
Vector entries = getScopeEntries();
if (entries.size() == 0) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// check to see if AIA is already exist
try {
extensions.delete(CertificateScopeOfUseExtension.NAME);
- log(ILogger.LL_INFO, "Previous extension deleted: " + CertificateScopeOfUseExtension.NAME);
+ log(ILogger.LL_INFO, "Previous extension deleted: "
+ + CertificateScopeOfUseExtension.NAME);
} catch (IOException ex) {
}
}
// Create the extension
- CertificateScopeOfUseExtension suExt = new
- CertificateScopeOfUseExtension(mConfig.getBoolean(
- PROP_CRITICAL, false), entries);
+ CertificateScopeOfUseExtension suExt = new CertificateScopeOfUseExtension(
+ mConfig.getBoolean(PROP_CRITICAL, false), entries);
extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- "Configuration Info Error encountered: " +
- e.getMessage());
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ "Configuration Info Error encountered: "
+ + e.getMessage());
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -244,15 +250,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "="
+ + mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
}
@@ -260,50 +266,44 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
String name_type = null;
try {
- name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME_TYPE,
- null);
+ name_type = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_NAME_TYPE, null);
} catch (EBaseException e) {
}
if (name_type == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=" + name_type);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + "=" + name_type);
String name = null;
try {
- name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME,
- null);
+ name = mConfig.getString(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME, null);
} catch (EBaseException e) {
}
if (name == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME + "=" + name);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME + "=" + name);
String port = null;
try {
- port = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_PORT_NUMBER,
- "");
+ port = mConfig.getString(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER, "");
} catch (EBaseException e) {
}
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=" + port);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + "=" + port);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -314,14 +314,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_ENTRY; i++) {
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + "=");
}
return defParams;
}
}
-
generated by cgit (git 2.34.1) at 2024-07-07 13:50:22 +0000