summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java131
1 files changed, 75 insertions, 56 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index 8c9fd70d6..4e4c2f603 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
+
import java.io.IOException;
import java.util.Locale;
@@ -39,18 +40,24 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
+
/**
- * This class implements the basic constraints extension constraint. It checks
- * if the basic constraint in the certificate template satisfies the criteria.
- *
+ * This class implements the basic constraints extension constraint.
+ * It checks if the basic constraint in the certificate
+ * template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class BasicConstraintsExtConstraint extends EnrollConstraint {
- public static final String CONFIG_CRITICAL = "basicConstraintsCritical";
- public static final String CONFIG_IS_CA = "basicConstraintsIsCA";
- public static final String CONFIG_MIN_PATH_LEN = "basicConstraintsMinPathLen";
- public static final String CONFIG_MAX_PATH_LEN = "basicConstraintsMaxPathLen";
+ public static final String CONFIG_CRITICAL =
+ "basicConstraintsCritical";
+ public static final String CONFIG_IS_CA =
+ "basicConstraintsIsCA";
+ public static final String CONFIG_MIN_PATH_LEN =
+ "basicConstraintsMinPathLen";
+ public static final String CONFIG_MAX_PATH_LEN =
+ "basicConstraintsMaxPathLen";
public BasicConstraintsExtConstraint() {
super();
@@ -64,42 +71,50 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
* Initializes this constraint plugin.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_IS_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ "-",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(CONFIG_MIN_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null, "-1",
+ return new Descriptor(IDescriptor.INTEGER, null,
+ "-1",
CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
} else if (name.equals(CONFIG_MAX_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null, "100",
+ return new Descriptor(IDescriptor.INTEGER, null,
+ "100",
CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
}
return null;
}
/**
- * Validates the request. The request is not modified during the validation.
+ * Validates the request. The request is not modified
+ * during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateExtensions exts = null;
try {
- BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(
- PKIXExtensions.BasicConstraints_Id.toString(), info);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension)
+ getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
+ info);
if (ext == null) {
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
// check criticality
@@ -109,66 +124,67 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
boolean critical = getBoolean(value);
if (critical != ext.isCritical()) {
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
value = getConfig(CONFIG_IS_CA);
if (!isOptional(value)) {
boolean isCA = getBoolean(value);
- Boolean extIsCA = (Boolean) ext
- .get(BasicConstraintsExtension.IS_CA);
+ Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
if (isCA != extIsCA.booleanValue()) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
}
- }
+ }
value = getConfig(CONFIG_MIN_PATH_LEN);
if (!isOptional(value)) {
int pathLen = getInt(value);
- Integer extPathLen = (Integer) ext
- .get(BasicConstraintsExtension.PATH_LEN);
+ Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
if (pathLen > extPathLen.intValue()) {
- CMS.debug("BasicCOnstraintsExtConstraint: pathLen="
- + pathLen + " > extPathLen=" + extPathLen);
+ CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
}
}
value = getConfig(CONFIG_MAX_PATH_LEN);
if (!isOptional(value)) {
int pathLen = getInt(value);
- Integer extPathLen = (Integer) ext
- .get(BasicConstraintsExtension.PATH_LEN);
+ Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
if (pathLen < extPathLen.intValue()) {
- CMS.debug("BasicCOnstraintsExtConstraint: pathLen="
- + pathLen + " < extPathLen=" + extPathLen);
+ CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
}
}
} catch (IOException e) {
CMS.debug("BasicConstraintsExt: validate " + e.toString());
- throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
}
public String getText(Locale locale) {
- String params[] = { getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_IS_CA), getConfig(CONFIG_MIN_PATH_LEN),
- getConfig(CONFIG_MAX_PATH_LEN) };
-
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params);
+ String params[] = {
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_IS_CA),
+ getConfig(CONFIG_MIN_PATH_LEN),
+ getConfig(CONFIG_MAX_PATH_LEN)
+ };
+
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
+ params);
}
public boolean isApplicable(IPolicyDefault def) {
@@ -181,17 +197,19 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
return false;
}
- public void setConfig(String name, String value) throws EPropertyException {
+ public void setConfig(String name, String value)
+ throws EPropertyException {
+
if (mConfig.getSubStore("params") == null) {
CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
//
} else {
- CMS.debug("BasicConstraintsExt: setConfig name " + name + " value "
- + value);
+ CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
- if (name.equals(CONFIG_MAX_PATH_LEN)) {
+ if(name.equals(CONFIG_MAX_PATH_LEN))
+ {
String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
@@ -199,12 +217,13 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
int maxLen = getInt(value);
- if (minLen >= maxLen) {
+ if(minLen >= maxLen) {
CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!");
throw new EPropertyException("bad value");
}
+
}
mConfig.getSubStore("params").putString(name, value);
}
generated by cgit (git 2.34.1) at 2024-07-04 03:33:55 +0000