summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java509
1 files changed, 509 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
new file mode 100644
index 000000000..286913c5a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -0,0 +1,509 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.def;
+
+
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements an enrollment default policy
+ * that populates a Key Usage extension
+ * into the certificate template.
+ *
+ * @version $Revision$, $Date$
+ */
+public class KeyUsageExtDefault extends EnrollExtDefault {
+
+ public static final String CONFIG_CRITICAL = "keyUsageCritical";
+ public static final String CONFIG_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
+ public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
+ public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
+ public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
+ public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly";
+ public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
+
+ public static final String VAL_CRITICAL = "keyUsageCritical";
+ public static final String VAL_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String VAL_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String VAL_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String VAL_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
+ public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
+ public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
+ public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
+ public static final String VAL_ENCIPHER_ONLY = "keyUsageEncipherOnly";
+ public static final String VAL_DECIPHER_ONLY = "keyUsageDecipherOnly";
+
+ public KeyUsageExtDefault() {
+ super();
+ addValueName(VAL_CRITICAL);
+ addValueName(VAL_DIGITAL_SIGNATURE);
+ addValueName(VAL_NON_REPUDIATION);
+ addValueName(VAL_KEY_ENCIPHERMENT);
+ addValueName(VAL_DATA_ENCIPHERMENT);
+ addValueName(VAL_KEY_AGREEMENT);
+ addValueName(VAL_KEY_CERTSIGN);
+ addValueName(VAL_CRL_SIGN);
+ addValueName(VAL_ENCIPHER_ONLY);
+ addValueName(VAL_DECIPHER_ONLY);
+
+ addConfigName(CONFIG_CRITICAL);
+ addConfigName(CONFIG_DIGITAL_SIGNATURE);
+ addConfigName(CONFIG_NON_REPUDIATION);
+ addConfigName(CONFIG_KEY_ENCIPHERMENT);
+ addConfigName(CONFIG_DATA_ENCIPHERMENT);
+ addConfigName(CONFIG_KEY_AGREEMENT);
+ addConfigName(CONFIG_KEY_CERTSIGN);
+ addConfigName(CONFIG_CRL_SIGN);
+ addConfigName(CONFIG_ENCIPHER_ONLY);
+ addConfigName(CONFIG_DECIPHER_ONLY);
+ }
+
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
+ } else if (name.equals(CONFIG_NON_REPUDIATION)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
+ } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
+ } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
+ } else if (name.equals(CONFIG_KEY_AGREEMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
+ } else if (name.equals(CONFIG_KEY_CERTSIGN)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
+ } else if (name.equals(CONFIG_CRL_SIGN)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
+ } else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
+ } else if (name.equals(CONFIG_DECIPHER_ONLY)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
+ } else {
+ return null;
+ }
+ }
+
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
+ } else if (name.equals(VAL_NON_REPUDIATION)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
+ } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
+ } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
+ } else if (name.equals(VAL_KEY_AGREEMENT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
+ } else if (name.equals(VAL_KEY_CERTSIGN)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
+ } else if (name.equals(VAL_CRL_SIGN)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
+ } else if (name.equals(VAL_ENCIPHER_ONLY)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
+ } else if (name.equals(VAL_DECIPHER_ONLY)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
+ } else {
+ return null;
+ }
+ }
+
+ public void setValue(String name, Locale locale,
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ try {
+ KeyUsageExtension ext = null;
+
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+
+ if(ext == null) {
+ populate(null,info);
+
+ }
+
+ if (name.equals(VAL_CRITICAL)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ boolean val = Boolean.valueOf(value).booleanValue();
+
+ if(ext == null) {
+ return;
+ }
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
+ } else if (name.equals(VAL_NON_REPUDIATION)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.NON_REPUDIATION, val);
+ } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
+ } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
+ } else if (name.equals(VAL_KEY_AGREEMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
+ } else if (name.equals(VAL_KEY_CERTSIGN)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
+ } else if (name.equals(VAL_CRL_SIGN)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.CRL_SIGN, val);
+ } else if (name.equals(VAL_ENCIPHER_ONLY)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
+ } else if (name.equals(VAL_DECIPHER_ONLY)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if(ext == null) {
+ return;
+ }
+ Boolean val = Boolean.valueOf(value);
+
+ ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
+ } catch (IOException e) {
+ CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ } catch (EProfileException e) {
+ CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ }
+
+ public String getValue(String name, Locale locale,
+ X509CertInfo info)
+ throws EPropertyException {
+ try {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ KeyUsageExtension ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+
+ if(ext == null)
+ {
+ try {
+ populate(null,info);
+
+ } catch (EProfileException e) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ }
+
+ if (name.equals(VAL_CRITICAL)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+
+ if (ext == null) {
+ return null;
+ }
+ if (ext.isCritical()) {
+ return "true";
+ } else {
+ return "false";
+ }
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
+
+ return val.toString();
+ } else if (name.equals(VAL_NON_REPUDIATION)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.NON_REPUDIATION);
+
+ return val.toString();
+ } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
+
+ return val.toString();
+ } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
+
+ return val.toString();
+ } else if (name.equals(VAL_KEY_AGREEMENT)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.KEY_AGREEMENT);
+
+ return val.toString();
+ } else if (name.equals(VAL_KEY_CERTSIGN)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.KEY_CERTSIGN);
+
+ return val.toString();
+ } else if (name.equals(VAL_CRL_SIGN)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.CRL_SIGN);
+
+ return val.toString();
+ } else if (name.equals(VAL_ENCIPHER_ONLY)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.ENCIPHER_ONLY);
+
+ return val.toString();
+ } else if (name.equals(VAL_DECIPHER_ONLY)) {
+ ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
+ return null;
+ }
+ Boolean val = (Boolean)
+ ext.get(KeyUsageExtension.DECIPHER_ONLY);
+
+ return val.toString();
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ } catch (IOException e) {
+ CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ }
+
+ public String getText(Locale locale) {
+ String params[] = {
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_DIGITAL_SIGNATURE),
+ getConfig(CONFIG_NON_REPUDIATION),
+ getConfig(CONFIG_KEY_ENCIPHERMENT),
+ getConfig(CONFIG_DATA_ENCIPHERMENT),
+ getConfig(CONFIG_KEY_AGREEMENT),
+ getConfig(CONFIG_KEY_CERTSIGN),
+ getConfig(CONFIG_CRL_SIGN),
+ getConfig(CONFIG_ENCIPHER_ONLY),
+ getConfig(CONFIG_DECIPHER_ONLY)
+ };
+
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params);
+
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IRequest request, X509CertInfo info)
+ throws EProfileException {
+ KeyUsageExtension ext = createKeyUsageExtension();
+
+ addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
+ }
+
+ public KeyUsageExtension createKeyUsageExtension() {
+ KeyUsageExtension ext = null;
+ boolean[] bits = new boolean[KeyUsageExtension.NBITS];
+
+ boolean critical = getConfigBoolean(CONFIG_CRITICAL);
+
+ bits[0] = getConfigBoolean(CONFIG_DIGITAL_SIGNATURE);
+ bits[1] = getConfigBoolean(CONFIG_NON_REPUDIATION);
+ bits[2] = getConfigBoolean(CONFIG_KEY_ENCIPHERMENT);
+ bits[3] = getConfigBoolean(CONFIG_DATA_ENCIPHERMENT);
+ bits[4] = getConfigBoolean(CONFIG_KEY_AGREEMENT);
+ bits[5] = getConfigBoolean(CONFIG_KEY_CERTSIGN);
+ bits[6] = getConfigBoolean(CONFIG_CRL_SIGN);
+ bits[7] = getConfigBoolean(CONFIG_ENCIPHER_ONLY);
+ bits[8] = getConfigBoolean(CONFIG_DECIPHER_ONLY);
+ try {
+ ext = new KeyUsageExtension(critical, bits);
+ } catch (Exception e) {
+ CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
+ e.toString());
+ }
+ return ext;
+ }
+}
generated by cgit (git 2.34.1) at 2024-04-26 15:49:56 +0000