summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java128
1 files changed, 63 insertions, 65 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43d..927c64ec2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,24 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the key usage extension constraint.
* It checks if the key usage constraint in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
+ "keyUsageDigitalSignature";
public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
+ "keyUsageNonRepudiation";
public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
+ "keyUsageKeyEncipherment";
public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,12 +75,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
@@ -138,16 +136,16 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- KeyUsageExtension ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ throws ERejectException {
+ KeyUsageExtension ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.KeyUsage_Id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.KeyUsage_Id.toString()));
}
boolean[] bits = ext.getBits();
@@ -156,10 +154,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,99 +165,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_NON_REPUDIATION);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_DATA_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_AGREEMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_CERTSIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_CRL_SIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_ENCIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 7)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_DECIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 8)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
+ value));
+ }
}
}
@@ -277,7 +275,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
getConfig(CONFIG_DECIPHER_ONLY)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
}
generated by cgit (git 2.34.1) at 2024-09-19 12:05:36 +0000