summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java542
1 files changed, 0 insertions, 542 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
deleted file mode 100644
index d3838577e..000000000
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ /dev/null
@@ -1,542 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.UUID;
-
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject alternative name extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectAltNameExtDefault extends EnrollExtDefault {
-
- public static final String CONFIG_CRITICAL = "subjAltNameExtCritical";
- public static final String CONFIG_NUM_GNS = "subjAltNameNumGNs";
- public static final String CONFIG_GN_ENABLE = "subjAltExtGNEnable_";
- public static final String CONFIG_TYPE = "subjAltExtType_";
- public static final String CONFIG_PATTERN = "subjAltExtPattern_";
- public static final String CONFIG_SOURCE = "subjAltExtSource_";
- public static final String CONFIG_SOURCE_UUID4 = "UUID4";
-
- public static final String CONFIG_OLD_TYPE = "subjAltExtType";
- public static final String CONFIG_OLD_PATTERN = "subjAltExtPattern";
-
- public static final String VAL_CRITICAL = "subjAltNameExtCritical";
- public static final String VAL_GENERAL_NAMES = "subjAltNames";
-
- private static final String GN_ENABLE = "Enable";
- private static final String GN_TYPE = "Pattern Type";
- private static final String GN_PATTERN = "Pattern";
-
- private static final int DEF_NUM_GN = 1;
- private static final int MAX_NUM_GN = 100;
-
- public SubjectAltNameExtDefault() {
- super();
- }
-
- protected int getNumGNs() {
- int num = DEF_NUM_GN;
- String numGNs = getConfig(CONFIG_NUM_GNS);
-
- if (numGNs != null) {
- try {
- num = Integer.parseInt(numGNs);
- } catch (NumberFormatException e) {
- // ignore
- }
- }
-
- if (num >= MAX_NUM_GN)
- num = DEF_NUM_GN;
- return num;
- }
-
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
-
- super.init(profile, config);
- refreshConfigAndValueNames();
- // migrate old parameters to new parameters
- String old_type = null;
- String old_pattern = null;
- IConfigStore paramConfig = config.getSubStore("params");
- try {
- if (paramConfig != null) {
- old_type = paramConfig.getString(CONFIG_OLD_TYPE);
- }
- } catch (EBaseException e) {
- // nothing to do here
- }
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
- old_type);
- try {
- if (paramConfig != null) {
- old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
- }
- } catch (EBaseException e) {
- // nothing to do here
- }
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
- old_pattern);
- if (old_type != null && old_pattern != null) {
- CMS.debug("SubjectAltNameExtDefault: Upgrading");
- try {
- paramConfig.putString(CONFIG_NUM_GNS, "1");
- paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
- paramConfig.putString(CONFIG_TYPE + "0", old_type);
- paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
- paramConfig.remove(CONFIG_OLD_TYPE);
- paramConfig.remove(CONFIG_OLD_PATTERN);
- profile.getConfigStore().commit(true);
- } catch (Exception e) {
- CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
- }
- }
- }
-
- public void setConfig(String name, String value)
- throws EPropertyException {
- int num = 0;
- if (name.equals(CONFIG_NUM_GNS)) {
- try {
- num = Integer.parseInt(value);
-
- if (num >= MAX_NUM_GN || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
-
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
- }
- super.setConfig(name, value);
- }
-
- public Enumeration<String> getConfigNames() {
- refreshConfigAndValueNames();
- return super.getConfigNames();
- }
-
- protected void refreshConfigAndValueNames() {
- super.refreshConfigAndValueNames();
-
- addValueName(VAL_CRITICAL);
- addValueName(VAL_GENERAL_NAMES);
-
- addConfigName(CONFIG_CRITICAL);
- int num = getNumGNs();
- addConfigName(CONFIG_NUM_GNS);
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_TYPE + i);
- addConfigName(CONFIG_PATTERN + i);
- addConfigName(CONFIG_GN_ENABLE + i);
- }
- }
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.startsWith(CONFIG_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE,
- "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
- "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
- } else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
- } else if (name.startsWith(CONFIG_GN_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_GNS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS"));
- }
-
- return null;
- }
-
- public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
- } else {
- return null;
- }
- }
-
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- try {
- SubjectAlternativeNameExtension ext = null;
-
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- populate(null, info);
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- boolean critical = Boolean.valueOf(value).booleanValue();
-
- ext.setCritical(critical);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- // it is ok, the extension is never populated or delted
- return;
- }
- if (value.equals("")) {
- // if value is empty, do not add this extension
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- return;
- }
- GeneralNames gn = new GeneralNames();
- StringTokenizer st = new StringTokenizer(value, "\r\n");
-
- while (st.hasMoreTokens()) {
- String gname = (String) st.nextToken();
- CMS.debug("SubjectAltNameExtDefault: setValue GN:" + gname);
-
- if (!isGeneralNameValid(gname)) {
- continue;
- }
- GeneralNameInterface n = parseGeneralName(gname);
- if (n != null) {
- gn.addElement(n);
- }
- }
- if (gn.size() == 0) {
- CMS.debug("GN size is zero");
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- return;
- } else {
- CMS.debug("GN size is non zero (" + gn.size() + ")");
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- }
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- replaceExtension(
- PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- } catch (EProfileException e) {
- CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- }
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- SubjectAlternativeNameExtension ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- try {
- populate(null, info);
-
- } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
-
- }
-
- if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
- if (ext == null) {
- return null;
- }
- if (ext.isCritical()) {
- return "true";
- } else {
- return "false";
- }
- } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if (ext == null) {
- return null;
- }
-
- GeneralNames names = (GeneralNames)
- ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
- StringBuffer sb = new StringBuffer();
- Enumeration<GeneralNameInterface> e = names.elements();
-
- while (e.hasMoreElements()) {
- GeneralNameInterface gn = e.nextElement();
-
- if (!sb.toString().equals("")) {
- sb.append("\r\n");
- }
- sb.append(toGeneralNameString(gn));
- CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn));
- }
- return sb.toString();
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: getValue " +
- e.toString());
- }
- return null;
- }
-
- /*
- * returns text that goes into description for this extension on
- * a profile
- */
- public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
- int num = getNumGNs();
-
- for (int i = 0; i < num; i++) {
- sb.append("Record #");
- sb.append(i);
- sb.append("{");
- sb.append(GN_PATTERN + ":");
- sb.append(getConfig(CONFIG_PATTERN + i));
- sb.append(",");
- sb.append(GN_TYPE + ":");
- sb.append(getConfig(CONFIG_TYPE + i));
- sb.append(",");
- sb.append(GN_ENABLE + ":");
- sb.append(getConfig(CONFIG_GN_ENABLE + i));
- sb.append("}");
- }
- ;
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL),
- sb.toString());
- }
-
- /**
- * Populates the request with this policy default.
- */
- public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
- SubjectAlternativeNameExtension ext = null;
-
- try {
- /* read from config file*/
- ext = createExtension(request);
-
- } catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
- }
- if (ext != null) {
- addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
- } else {
- CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out");
- }
- }
-
- public SubjectAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- SubjectAlternativeNameExtension ext = null;
- int num = getNumGNs();
-
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
-
- GeneralNames gn = new GeneralNames();
- int count = 0; // # of actual gnames
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_GN_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
-
- String pattern = getConfig(CONFIG_PATTERN + i);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- if (!pattern.equals("")) {
- String gname = "";
-
- // cfu - see if this is server-generated (e.g. UUID4)
- // to use this feature, use $server.source$ in pattern
- String source = getConfig(CONFIG_SOURCE + i);
- String type = getConfig(CONFIG_TYPE + i);
- if ((source != null) && (!source.equals(""))) {
- if (type.equalsIgnoreCase("OtherName")) {
- CMS.debug("SubjectAlternativeNameExtension: using " +
- source + " as gn");
- if (source.equals(CONFIG_SOURCE_UUID4)) {
- UUID randUUID = UUID.randomUUID();
- // call the mapPattern that does server-side gen
- // request is not used, but needed for the substitute
- // function
- gname = mapPattern(randUUID.toString(), request, pattern);
- } else { //expand more server-gen types here
- CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "
- + source + ". Supported: UUID4");
- continue;
- }
- } else {
- CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
- continue;
- }
- } else {
- if (request != null) {
- gname = mapPattern(request, pattern);
- }
- }
-
- if (gname.equals("")) {
- CMS.debug("gname is empty, not added");
- continue;
- }
- CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
-
- GeneralNameInterface n = parseGeneralName(type + ":" + gname);
-
- CMS.debug("adding gname: " + gname);
- if (n != null) {
- CMS.debug("SubjectAlternativeNameExtension: n not null");
- gn.addElement(n);
- count++;
- } else {
- CMS.debug("SubjectAlternativeNameExtension: n null");
- }
- }
- }
- } //for
-
- if (count != 0) {
- try {
- ext = new SubjectAlternativeNameExtension();
- } catch (Exception e) {
- CMS.debug(e.toString());
- throw new IOException(e.toString());
- }
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- ext.setCritical(critical);
- } else {
- CMS.debug("count is 0");
- }
- return ext;
- }
-
- public String mapPattern(IRequest request, String pattern)
- throws IOException {
- Pattern p = new Pattern(pattern);
- IAttrSet attrSet = null;
- if (request != null) {
- attrSet = request.asIAttrSet();
- }
- return p.substitute("request", attrSet);
- }
-
- // for server-side generated values
- public String mapPattern(String val, IRequest request, String pattern)
- throws IOException {
- Pattern p = new Pattern(pattern);
- IAttrSet attrSet = null;
- if (request != null) {
- attrSet = request.asIAttrSet();
- }
- try {
- attrSet.set("source", val);
- } catch (Exception e) {
- CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
- }
-
- return p.substitute("server", attrSet);
- }
-}
generated by cgit (git 2.34.1) at 2024-07-05 16:43:56 +0000