summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java171
1 files changed, 69 insertions, 102 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43d..416222814 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,19 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the key usage extension constraint.
- * It checks if the key usage constraint in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the key usage extension constraint. It checks if the
+ * key usage constraint in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
- public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,51 +70,41 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(CONFIG_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
} else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
} else if (name.equals(CONFIG_KEY_AGREEMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
} else if (name.equals(CONFIG_KEY_CERTSIGN)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
} else if (name.equals(CONFIG_CRL_SIGN)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
} else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
} else if (name.equals(CONFIG_DECIPHER_ONLY)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
}
return null;
@@ -134,20 +117,17 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- KeyUsageExtension ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ throws ERejectException {
+ KeyUsageExtension ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.KeyUsage_Id.toString()));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.KeyUsage_Id.toString()));
}
boolean[] bits = ext.getBits();
@@ -156,10 +136,9 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,117 +146,105 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_NON_REPUDIATION);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_DATA_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_AGREEMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_CERTSIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_CRL_SIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_ENCIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 7)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_DECIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 8)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", value));
+ }
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
+ String params[] = { getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_DIGITAL_SIGNATURE),
getConfig(CONFIG_NON_REPUDIATION),
getConfig(CONFIG_KEY_ENCIPHERMENT),
getConfig(CONFIG_DATA_ENCIPHERMENT),
getConfig(CONFIG_KEY_AGREEMENT),
- getConfig(CONFIG_KEY_CERTSIGN),
- getConfig(CONFIG_CRL_SIGN),
+ getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN),
getConfig(CONFIG_ENCIPHER_ONLY),
- getConfig(CONFIG_DECIPHER_ONLY)
- };
+ getConfig(CONFIG_DECIPHER_ONLY) };
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
}
generated by cgit (git 2.34.1) at 2024-05-18 01:46:13 +0000