Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/input')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java189
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java164
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java297
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java141
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java155
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java86
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java187
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java94
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java141
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java382
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java107
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java138
14 files changed, 2370 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
new file mode 100644
index 000000000..4c368c03e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -0,0 +1,129 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+
+/**
+ * This class implements the certificate request input.
+ * This input populates 2 main fields to the enrollment page:
+ * 1/ Certificate Request Type, 2/ Certificate Request
+ * <p>
+ *
+ * This input usually is used by an enrollment profile for
+ * certificate requests.
+ *
+ * @version $Revision$, $Date$
+ */
+public class CMCCertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_CERT_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public CMCCertReqInput() {
+ addValueName(VAL_CERT_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String cert_request = ctx.get(VAL_CERT_REQUEST);
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
+
+ if (msgs == null) {
+ return;
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_CERT_REQUEST)) {
+ return new Descriptor(IDescriptor.CERT_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_CERT_REQ"));
+ }
+ return null;
+ }
+}
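Review bot: In populate(), `msgs[seqNum.intValue()]` indexes the parsed request array with a value read from the request's ext data and never compares it with `msgs.length`, so an out-of-range sequence number surfaces as an ArrayIndexOutOfBoundsException instead of an EProfileException. A guard such as `if (seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length)` that throws the `CMS_PROFILE_UNKNOWN_SEQ_NUM` message would keep the failure inside the profile's error path; the same unchecked index appears in CertReqInput.populate() (CRMF and CMC branches) and DualKeyGenInput.populate(). Also, `if (msgs == null) return;` lets the request continue with no certificate info filled in, whereas CertReqInput throws `CMS_PROFILE_NO_CERT_REQ` for the same condition. The comment `// This profile only handle the first request in CRMF` does not match the code, which parses CMC and selects the entry by sequence number.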
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
new file mode 100644
index 000000000..565b7795e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -0,0 +1,189 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+
+/**
+ * This class implements the certificate request input.
+ * This input populates 2 main fields to the enrollment page:
+ * 1/ Certificate Request Type, 2/ Certificate Request
+ * <p>
+ *
+ * This input usually is used by an enrollment profile for
+ * certificate requests.
+ *
+ * @version $Revision$, $Date$
+ */
+public class CertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_CERT_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public CertReqInput() {
+ addValueName(VAL_CERT_REQUEST_TYPE);
+ addValueName(VAL_CERT_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
+ String cert_request = ctx.get(VAL_CERT_REQUEST);
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (cert_request_type == null) {
+ CMS.debug("CertReqInput: populate - invalid cert request type " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
+ }
+
+ if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request);
+
+ if (pkcs10 == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
+
+ if (keygen == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ for (int x = 0; x < msgs.length; x++) {
+ verifyPOP(getLocale(request), msgs[x]);
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
+ );
+ } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else {
+ // error
+ CMS.debug("CertReqInput: populate - invalid cert request type " +
+ cert_request_type);
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ cert_request_type));
+ }
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_CERT_REQUEST_TYPE)) {
+ return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
+ } else if (name.equals(VAL_CERT_REQUEST)) {
+ return new Descriptor(IDescriptor.CERT_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_CERT_REQ"));
+ }
+ return null;
+ }
+}
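Review bot: The CRMF branch of populate() calls `seqNum.intValue()` without the null check that the CMC branch a few lines below performs, so a request lacking `EnrollProfile.REQUEST_SEQ_NUM` ends in a NullPointerException rather than the `CMS_PROFILE_UNKNOWN_SEQ_NUM` error. Adding `if (seqNum == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); }` before the `fillCertReqMsg` call makes the two branches agree. The type dispatch is also uneven: PKCS10 is matched with `equals` while KEYGEN, CRMF and CMC use `startsWith`, which accepts any type string that merely begins with one of those prefixes; if that is intentional it deserves a comment saying why.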
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
new file mode 100644
index 000000000..dfb7be887
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -0,0 +1,164 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.crmf.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the dual key generation input.
+ * This input populates parameters to the enrollment
+ * pages so that a CRMF request containing 2 certificate
+ * requests will be generated.
+ * <p>
+ *
+ * This input can only be used with Netscape 7.x or later
+ * clients.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class DualKeyGenInput extends EnrollInput implements IProfileInput {
+
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public DualKeyGenInput() {
+ addValueName(VAL_KEYGEN_REQUEST_TYPE);
+ addValueName(VAL_KEYGEN_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
+ String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
+
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (keygen_request_type == null) {
+ CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
+ }
+ if (keygen_request_type.startsWith("pkcs10")) {
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (keygen_request_type.startsWith("keygen")) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ } else if (keygen_request_type.startsWith("crmf")) {
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ for (int x = 0; x < msgs.length; x++) {
+ verifyPOP(getLocale(request), msgs[x]);
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else {
+ // error
+ CMS.debug("DualKeyGenInput: populate - " +
+ "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ keygen_request_type));
+ }
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
+ return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ } else if (name.equals(VAL_KEYGEN_REQUEST)) {
+ return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
+ }
+ return null;
+ }
+}
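Review bot: The pkcs10 and keygen branches of populate() pass the result of `parsePKCS10` / `parseKeyGen` straight to `fillPKCS10` / `fillKeyGen` with no null check, while CertReqInput rejects a null result with `CMS_PROFILE_NO_CERT_REQ`. If those parsers can return null (CertReqInput's checks suggest they can), the same guard is needed here: `if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); }`, and likewise for `keygen`. The branches also compare against the literals `"pkcs10"`, `"keygen"` and `"crmf"` where CertReqInput uses `EnrollProfile.REQ_TYPE_PKCS10` and its siblings; using the constants keeps the two inputs from drifting apart.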
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
new file mode 100644
index 000000000..949e58b1a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -0,0 +1,297 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.util.*;
+
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the base enrollment input.
+ *
+ * @version $Revision$, $Date$
+ */
+public abstract class EnrollInput implements IProfileInput {
+
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+
+ protected IConfigStore mConfig = null;
+ protected Vector mValueNames = new Vector();
+ protected Vector mConfigNames = new Vector();
+ protected IProfile mProfile = null;
+
+ protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ mConfig = config;
+ mProfile = profile;
+ }
+
+ public IConfigStore getConfigStore() {
+ return mConfig;
+ }
+
+ /**
+ * Populates the request with this policy default.
+ *
+ * @param ctx profile context
+ * @param request request
+ * @exception EProfileException failed to populate
+ */
+ public abstract void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale user locale
+ * @return localized input name
+ */
+ public abstract String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale user locale
+ * @return localized input description
+ */
+ public abstract String getText(Locale locale);
+
+ /**
+ * Retrieves the descriptor of the given value
+ * property by name.
+ *
+ * @param locale user locale
+ * @param name property name
+ * @return descriptor of the property
+ */
+ public abstract IDescriptor getValueDescriptor(Locale locale, String name);
+
+
+ public void addValueName(String name) {
+ mValueNames.addElement(name);
+ }
+
+ /**
+ * Retrieves a list of names of the value parameter.
+ */
+ public Enumeration getValueNames() {
+ return mValueNames.elements();
+ }
+
+ public void addConfigName(String name) {
+ mConfigNames.addElement(name);
+ }
+
+ public Enumeration getConfigNames() {
+ return mConfigNames.elements();
+ }
+
+ public void setConfig(String name, String value)
+ throws EPropertyException {
+ if (mConfig.getSubStore("params") == null) {
+ //
+ } else {
+ mConfig.getSubStore("params").putString(name, value);
+ }
+ }
+
+ public String getConfig(String name) {
+ try {
+ if (mConfig == null) {
+ return null;
+ }
+ if (mConfig.getSubStore("params") != null) {
+ return mConfig.getSubStore("params").getString(name);
+ }
+ } catch (EBaseException e) {
+ }
+ return "";
+ }
+
+ public String getDefaultConfig(String name) {
+ return null;
+ }
+
+ public String getValue(String name, Locale locale, IRequest request)
+ throws EProfileException {
+ return request.getExtDataInString(name);
+ }
+
+ /**
+ * Sets the value of the given value parameter by name.
+ */
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException {
+ request.setExtData(name, value);
+ }
+
+ public Locale getLocale(IRequest request) {
+ Locale locale = null;
+ String language = request.getExtDataInString(
+ EnrollProfile.REQUEST_LOCALE);
+ if (language != null) {
+ locale = new Locale(language);
+ }
+ return locale;
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ return null;
+ }
+
+ public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
+ throws EProfileException {
+ CMS.debug("EnrollInput ::in verifyPOP");
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ if (!certReqMsg.hasPop()) {
+ CMS.debug("CertReqMsg has not POP, return");
+ return;
+ }
+ ProofOfPossession pop = certReqMsg.getPop();
+ ProofOfPossession.Type popType = pop.getType();
+
+ if (popType != ProofOfPossession.SIGNATURE) {
+ CMS.debug("not POP SIGNATURE, return");
+ return;
+ }
+
+ try {
+ if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
+ CMS.debug("skipPOPVerify on, return");
+ return;
+ }
+ CMS.debug("POP verification begins:");
+ CryptoManager cm = CryptoManager.getInstance();
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token",
+ "Internal Key Storage Token");
+ CryptoToken verifyToken = cm.getTokenByName(tokenName);
+ if (tokenName.equals("Internal Key Storage Token")) {
+ //use internal token
+ CMS.debug("POP verification using internal token");
+ certReqMsg.verify();
+ } else {
+ CMS.debug("POP verification using token:"+ tokenName);
+ certReqMsg.verify(verifyToken);
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS );
+ audit( auditMessage );
+ } catch (Exception e) {
+
+ CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug(e);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE );
+
+ audit( auditMessage );
+
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_POP_VERIFICATION_ERROR"));
+ }
+ }
+
+ /**
+ * Signed Audit Log
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to store messages to the signed audit log.
+ * <P>
+ *
+ * @param msg signed audit log message
+ */
+ protected void audit(String msg) {
+ // in this case, do NOT strip preceding/trailing whitespace
+ // from passed-in String parameters
+
+ if (mSignedAuditLogger == null) {
+ return;
+ }
+
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
+ }
+
+ /**
+ * Signed Audit Log Subject ID
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to obtain the "SubjectID" for
+ * a signed audit log message.
+ * <P>
+ *
+ * @return id string containing the signed audit log message SubjectID
+ */
+ protected String auditSubjectID() {
+ // if no signed audit object exists, bail
+ if (mSignedAuditLogger == null) {
+ return null;
+ }
+
+ String subjectID = null;
+
+ // Initialize subjectID
+ SessionContext auditContext = SessionContext.getExistingContext();
+
+ if (auditContext != null) {
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
+
+ if (subjectID != null) {
+ subjectID = subjectID.trim();
+ } else {
+ subjectID = ILogger.NONROLEUSER;
+ }
+ } else {
+ subjectID = ILogger.UNIDENTIFIED;
+ }
+
+ return subjectID;
+ }
+}
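Review bot: verifyPOP() returns normally when the message has no POP, when the POP type is not `ProofOfPossession.SIGNATURE`, and when `cms.skipPOPVerify` is set, and none of those three paths writes a signed-audit record, so the audit log cannot distinguish a verified request from one that was never checked. If proof of possession is meant to be mandatory for a profile, that has to be enforced by the caller or by a check here; at minimum the method needs Javadoc stating that it verifies only signature-type POP and treats an absent POP as acceptable, and the skip paths should emit an audit event. In the same hunk, `setConfig` dereferences `mConfig` without the null check that `getConfig` has, and `getConfig` swallows `EBaseException` in an empty catch and returns `""`. The Javadoc on `audit` and `auditSubjectID` says the methods are inherited by "CMSServlet"s, which does not describe this class.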
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
new file mode 100644
index 000000000..e79372b16
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -0,0 +1,141 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import java.net.*;
+import java.security.*;
+
+
+/**
+ * This class implements the image
+ * input that collects a picture.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class FileSigningInput extends EnrollInput implements IProfileInput {
+
+ public static final String URL = "file_signing_url";
+ public static final String TEXT = "file_signing_text";
+ public static final String SIZE = "file_signing_size";
+ public static final String DIGEST = "file_signing_digest";
+ public static final String DIGEST_TYPE = "file_signing_digest_type";
+
+ public FileSigningInput() {
+ addValueName(URL);
+ addValueName(TEXT);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
+ }
+
+ public String toHexString(byte data[])
+ {
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < data.length; i++) {
+ int v = data[i] & 0xff;
+ if (v <= 9) {
+ sb.append("0");
+ }
+ sb.append(Integer.toHexString(v));
+ }
+ return sb.toString();
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ request.setExtData(TEXT, ctx.get(TEXT));
+ request.setExtData(URL, ctx.get(URL));
+ request.setExtData(DIGEST_TYPE, "SHA256");
+
+ try {
+ // retrieve file and calculate the hash
+ URL url = new URL(ctx.get(URL));
+ URLConnection c = url.openConnection();
+ c.setAllowUserInteraction(false);
+ c.setDoInput(true);
+ c.setDoOutput(false);
+ c.setUseCaches(false);
+ c.connect();
+ int len = c.getContentLength();
+ request.setExtData(SIZE, Integer.toString(len));
+ BufferedInputStream is = new BufferedInputStream(c.getInputStream());
+ byte data[] = new byte[len];
+ is.read(data, 0, len);
+ is.close();
+
+ // calculate digest
+ MessageDigest digester = MessageDigest.getInstance("SHA256");
+ byte digest[] = digester.digest(data);
+ request.setExtData(DIGEST, toHexString(digest));
+ } catch (Exception e) {
+ CMS.debug("FileSigningInput populate failure " + e);
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_FILE_NOT_FOUND"));
+ }
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(URL)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL"));
+ } else if (name.equals(TEXT)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"));
+ }
+ return null;
+ }
+}
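Review bot: populate() makes the server fetch whatever URL arrives in `file_signing_url`, with no restriction on scheme or destination before `url.openConnection()`, so the CA host can be directed at local `file:` paths or internal-only endpoints; an allow-list of schemes (and hosts, if policy permits) belongs ahead of the connect. The read is also fragile: `getContentLength()` may return -1 or a very large value that goes straight into `new byte[len]`, the single `is.read(data, 0, len)` may return short so the stored digest can cover a zero-padded buffer rather than the file, and the stream is not closed when an exception is thrown. Separately, `toHexString` pads only values 0–9, so bytes 0x0a–0x0f lose their leading zero and the hex digest comes out shorter than it should; the test should be `if (v < 0x10)`. A streaming digest with a size cap, sketched below for the body of the existing try block, removes the allocation and the short-read problem.

```java
// … unchanged: URL construction, openConnection() and connection flags, c.connect() …
MessageDigest digester = MessageDigest.getInstance("SHA256");
InputStream is = new BufferedInputStream(c.getInputStream());
long total = 0;
try {
    byte[] buf = new byte[8192];
    int n;
    while ((n = is.read(buf)) != -1) {
        digester.update(buf, 0, n);
        total += n;
        // reject the request here once total exceeds the configured maximum
    }
} finally {
    is.close();
}
// record the number of bytes actually hashed, not the advertised length
request.setExtData(SIZE, Long.toString(total));
request.setExtData(DIGEST, toHexString(digester.digest()));
```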
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
new file mode 100644
index 000000000..6358f272d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
@@ -0,0 +1,155 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+
+/**
+ * This class implements a generic input.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class GenericInput extends EnrollInput implements IProfileInput {
+
+ public static final String CONFIG_NUM = "gi_num";
+ public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
+ public static final String CONFIG_PARAM_NAME = "gi_param_name";
+ public static final String CONFIG_ENABLE = "gi_param_enable";
+
+ public static final int DEF_NUM = 5;
+
+ public GenericInput() {
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ addConfigName(CONFIG_PARAM_NAME + i);
+ addConfigName(CONFIG_DISPLAY_NAME + i);
+ addConfigName(CONFIG_ENABLE + i);
+ }
+ }
+
+ protected int getNum() {
+ int num = DEF_NUM;
+ String numC = getConfig(CONFIG_NUM);
+
+ if (numC != null) {
+ try {
+ num = Integer.parseInt(numC);
+ } catch (NumberFormatException e) {
+ // ignore
+ }
+ }
+ return num;
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT");
+ }
+
+ /**
+ * Returns selected value names based on the configuration.
+ */
+ public Enumeration getValueNames() {
+ Vector v = new Vector();
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
+ v.addElement(getConfig(CONFIG_PARAM_NAME + i));
+ }
+ }
+ return v.elements();
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
+ String param = getConfig(CONFIG_PARAM_NAME + i);
+ request.setExtData(param, ctx.get(param));
+ }
+ }
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ if (name.equals(CONFIG_PARAM_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
+ } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
+ } else if (name.equals(CONFIG_ENABLE + i)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
+ }
+ } // for
+ return null;
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ String param = getConfig(CONFIG_PARAM_NAME + i);
+ if (param != null && param.equals(name)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ getConfig(CONFIG_DISPLAY_NAME + i));
+ }
+ }
+ return null;
+ }
+}
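Review bot: In populate() the name read from `getConfig(CONFIG_PARAM_NAME + i)` is used as the extData key without a null or empty check, so an enabled slot with no gi_param_name set passes null to `request.setExtData`; getValueNames() adds the same null to its Vector. A guard such as `if (param == null || param.equals("")) continue;` in both loops would avoid that. Because the key comes straight from profile configuration, it could presumably also coincide with a key that other inputs write on the request, so a comment stating that gi_param_name values must not reuse reserved request keys would help whoever edits the profile. getNum() also accepts any parsed integer, including negative or very large values, and drops NumberFormatException silently.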
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
new file mode 100644
index 000000000..ac913a93e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
@@ -0,0 +1,86 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+
+/**
+ * This class implements the image
+ * input that collects a picture.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ImageInput extends EnrollInput implements IProfileInput {
+
+ public static final String IMAGE_URL = "image_url";
+
+ public ImageInput() {
+ addValueName(IMAGE_URL);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(IMAGE_URL)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL"));
+ }
+ return null;
+ }
+}
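Review bot: populate() stores the submitted `image_url` value on the request as-is, with no check that it is present or that it is an http/https URL. If this value is later rendered in an agent or end-entity page (not visible in this hunk), an unexpected scheme or markup in it would reach that page, so validating the scheme here or documenting that consumers must encode it would be safer. A short comment on populate() along the lines of `// image_url is user-supplied and unvalidated; encode before rendering` would state the contract.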
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
new file mode 100644
index 000000000..cc8f9a70d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -0,0 +1,187 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the key generation input that
+ * populates parameters to the enrollment page for
+ * key generation.
+ * <p>
+ *
+ * This input normally is used with user-based or
+ * non certificate request profile.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class KeyGenInput extends EnrollInput implements IProfileInput {
+
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public KeyGenInput() {
+ addValueName(VAL_KEYGEN_REQUEST_TYPE);
+ addValueName(VAL_KEYGEN_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
+ String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
+
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (keygen_request_type == null) {
+ CMS.debug("KeyGenInput: populate - invalid cert request type " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
+ }
+ if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+
+ if (pkcs10 == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+
+ if (keygen == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ for (int x = 0; x < msgs.length; x++) {
+ verifyPOP(getLocale(request), msgs[x]);
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else {
+ // error
+ CMS.debug("DualKeyGenInput: populate - " +
+ "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ keygen_request_type));
+ }
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
+ return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ } else if (name.equals(VAL_KEYGEN_REQUEST)) {
+ return new Descriptor(IDescriptor.KEYGEN_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
+ }
+ return null;
+ }
+}
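Review bot: The CRMF branch of populate() dereferences `seqNum` without the null check that the CMC branch has, and both branches index `msgs[seqNum.intValue()]` without checking the value against `msgs.length`, so a missing or out-of-range sequence number ends in a NullPointerException or ArrayIndexOutOfBoundsException instead of an EProfileException. A guard before each index, `if (seqNum == null || seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length) throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM"));`, keeps the failure inside the profile's error handling. The debug message in the final else branch says `DualKeyGenInput`, which will mislead anyone reading the log; it should read `KeyGenInput`. The comment `This profile only handle the first request in CRMF` is repeated in the CMC branch and does not match the code, which selects the message by sequence number.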
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
new file mode 100644
index 000000000..2eeaac114
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
@@ -0,0 +1,94 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the serial number input
+ * for renewal
+ * <p>
+ *
+ * @author Christina Fu
+ */
+public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
+
+ public static final String SERIAL_NUM = "serial_num";
+
+ public SerialNumRenewInput() {
+ addValueName(SERIAL_NUM);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ //
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(SERIAL_NUM)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME"));
+ }
+ return null;
+ }
+}
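Review bot: populate() contains only an empty `//` comment, so the `serial_num` value registered in the constructor is never copied to the request or validated here. If the serial number is consumed elsewhere in the renewal path, the comment should say where; otherwise the value the user submits is lost. getValueDescriptor() also labels the field with `CMS_PROFILE_INPUT_SERIAL_NUM_NAME`, the same message getName() returns for the whole input, which looks unintended.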
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
new file mode 100644
index 000000000..1f2512ff3
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
@@ -0,0 +1,141 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This plugin accepts subject DN from end user.
+ */
+public class SubjectDNInput extends EnrollInput implements IProfileInput {
+
+ public static final String VAL_SUBJECT = "subject";
+
+ public SubjectDNInput() {
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
+ }
+
+
+ public String getConfig(String name) {
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
+ }
+
+ /**
+ * Returns selected value names based on the configuration.
+ */
+ public Enumeration getValueNames() {
+ Vector v = new Vector();
+ v.addElement(VAL_SUBJECT);
+ return v.elements();
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ String subjectName = "";
+
+ subjectName = ctx.get(VAL_SUBJECT);
+ if (subjectName.equals("")) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ }
+ X500Name name = null;
+
+ try {
+ name = new X500Name(subjectName);
+ } catch (Exception e) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ }
+ parseSubjectName(name, info, request);
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ return null;
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_SUBJECT)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
+ }
+ return null;
+ }
+
+ protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
+ throws EProfileException {
+ try {
+ req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
+ new CertificateSubjectName(subj));
+ } catch (Exception e) {
+ CMS.debug("SubjectNameInput: parseSubject Name " +
+ e.toString());
+ }
+ }
+}
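Review bot: populate() calls `subjectName.equals("")` directly on the result of `ctx.get(VAL_SUBJECT)`, so a request that omits the subject field presumably throws a NullPointerException rather than the CMS_PROFILE_SUBJECT_NAME_NOT_FOUND error; `if (subjectName == null || subjectName.equals(""))` covers both. parseSubjectName() catches every exception and only logs it (under the name `SubjectNameInput`), so populate() returns normally even when the subject was not stored on the request; rethrowing as EProfileException would make the failure visible. The same catch-and-log is in SubjectNameInput.parseSubjectName(). Since this input takes the whole subject DN from the end user, a class comment noting that the profile's constraints are what restrict the DN would help reviewers of profile configurations.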
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
new file mode 100644
index 000000000..fec7ceabb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
@@ -0,0 +1,382 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the subject name input
+ * that populates text fields to the enrollment
+ * page so that distinguished name parameters
+ * can be collected from the user.
+ * <p>
+ * The collected parameters could be used for
+ * fomulating the subject name in the certificate.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class SubjectNameInput extends EnrollInput implements IProfileInput {
+
+ public static final String CONFIG_UID = "sn_uid";
+ public static final String CONFIG_EMAIL = "sn_e";
+ public static final String CONFIG_CN = "sn_cn";
+ public static final String CONFIG_OU3 = "sn_ou3";
+ public static final String CONFIG_OU2 = "sn_ou2";
+ public static final String CONFIG_OU1 = "sn_ou1";
+ public static final String CONFIG_OU = "sn_ou";
+ public static final String CONFIG_O = "sn_o";
+ public static final String CONFIG_C = "sn_c";
+
+ public static final String VAL_UID = "sn_uid";
+ public static final String VAL_EMAIL = "sn_e";
+ public static final String VAL_CN = "sn_cn";
+ public static final String VAL_OU3 = "sn_ou3";
+ public static final String VAL_OU2 = "sn_ou2";
+ public static final String VAL_OU1 = "sn_ou1";
+ public static final String VAL_OU = "sn_ou";
+ public static final String VAL_O = "sn_o";
+ public static final String VAL_C = "sn_c";
+
+ public SubjectNameInput() {
+ addConfigName(CONFIG_UID);
+ addConfigName(CONFIG_EMAIL);
+ addConfigName(CONFIG_CN);
+ addConfigName(CONFIG_OU3);
+ addConfigName(CONFIG_OU2);
+ addConfigName(CONFIG_OU1);
+ addConfigName(CONFIG_OU);
+ addConfigName(CONFIG_O);
+ addConfigName(CONFIG_C);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
+ }
+
+
+ public String getConfig(String name) {
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
+ }
+
+ /**
+ * Returns selected value names based on the configuration.
+ */
+ public Enumeration getValueNames() {
+ Vector v = new Vector();
+ String c_uid = getConfig(CONFIG_UID);
+ if (c_uid == null || c_uid.equals("")) {
+ v.addElement(VAL_UID); // default case
+ } else {
+ if (c_uid.equals("true")) {
+ v.addElement(VAL_UID);
+ }
+ }
+ String c_email = getConfig(CONFIG_EMAIL);
+ if (c_email == null || c_email.equals("")) {
+ v.addElement(VAL_EMAIL);
+ } else {
+ if (c_email.equals("true")) {
+ v.addElement(VAL_EMAIL);
+ }
+ }
+ String c_cn = getConfig(CONFIG_CN);
+ if (c_cn == null || c_cn.equals("")) {
+ v.addElement(VAL_CN);
+ } else {
+ if (c_cn.equals("true")) {
+ v.addElement(VAL_CN);
+ }
+ }
+ String c_ou3 = getConfig(CONFIG_OU3);
+ if (c_ou3 == null || c_ou3.equals("")) {
+ v.addElement(VAL_OU3);
+ } else {
+ if (c_ou3.equals("true")) {
+ v.addElement(VAL_OU3);
+ }
+ }
+ String c_ou2 = getConfig(CONFIG_OU2);
+ if (c_ou2 == null || c_ou2.equals("")) {
+ v.addElement(VAL_OU2);
+ } else {
+ if (c_ou2.equals("true")) {
+ v.addElement(VAL_OU2);
+ }
+ }
+ String c_ou1 = getConfig(CONFIG_OU1);
+ if (c_ou1 == null || c_ou1.equals("")) {
+ v.addElement(VAL_OU1);
+ } else {
+ if (c_ou1.equals("true")) {
+ v.addElement(VAL_OU1);
+ }
+ }
+ String c_ou = getConfig(CONFIG_OU);
+ if (c_ou == null || c_ou.equals("")) {
+ v.addElement(VAL_OU);
+ } else {
+ if (c_ou.equals("true")) {
+ v.addElement(VAL_OU);
+ }
+ }
+ String c_o = getConfig(CONFIG_O);
+ if (c_o == null || c_o.equals("")) {
+ v.addElement(VAL_O);
+ } else {
+ if (c_o.equals("true")) {
+ v.addElement(VAL_O);
+ }
+ }
+ String c_c = getConfig(CONFIG_C);
+ if (c_c == null || c_c.equals("")) {
+ v.addElement(VAL_C);
+ } else {
+ if (c_c.equals("true")) {
+ v.addElement(VAL_C);
+ }
+ }
+ return v.elements();
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ String subjectName = "";
+
+ String uid = ctx.get(VAL_UID);
+
+ if (uid != null && !uid.equals("")) {
+ subjectName += "UID=" + uid;
+ }
+ String email = ctx.get(VAL_EMAIL);
+
+ if (email != null && !email.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "E=" + email;
+ }
+ String cn = ctx.get(VAL_CN);
+
+ if (cn != null && !cn.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "CN=" + cn;
+ }
+ String ou3 = ctx.get(VAL_OU3);
+ if (ou3 != null && !ou3.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "OU=" + ou3;
+ }
+ String ou2 = ctx.get(VAL_OU2);
+ if (ou2 != null && !ou2.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "OU=" + ou2;
+ }
+ String ou1 = ctx.get(VAL_OU1);
+ if (ou1 != null && !ou1.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "OU=" + ou1;
+ }
+ String ou = ctx.get(VAL_OU);
+ if (ou != null && !ou.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "OU=" + ou;
+ }
+ String o = ctx.get(VAL_O);
+
+ if (o != null && !o.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "O=" + o;
+ }
+ String c = ctx.get(VAL_C);
+
+ if (c != null && !c.equals("")) {
+ if (!subjectName.equals("")) {
+ subjectName += ",";
+ }
+ subjectName += "C=" + c;
+ }
+ if (subjectName.equals("")) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ }
+ X500Name name = null;
+
+ try {
+ name = new X500Name(subjectName);
+ } catch (Exception e) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ }
+ parseSubjectName(name, info, request);
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_UID)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
+ } else if (name.equals(CONFIG_EMAIL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
+ } else if (name.equals(CONFIG_CN)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
+ } else if (name.equals(CONFIG_OU3)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
+ } else if (name.equals(CONFIG_OU2)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
+ } else if (name.equals(CONFIG_OU1)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
+ } else if (name.equals(CONFIG_OU)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
+ } else if (name.equals(CONFIG_O)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
+ } else if (name.equals(CONFIG_C)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "true",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_UID)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
+ } else if (name.equals(VAL_EMAIL)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL"));
+ } else if (name.equals(VAL_CN)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
+ } else if (name.equals(VAL_OU3)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3");
+ } else if (name.equals(VAL_OU2)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2");
+ } else if (name.equals(VAL_OU1)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1");
+ } else if (name.equals(VAL_OU)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
+ } else if (name.equals(VAL_O)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
+ } else if (name.equals(VAL_C)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
+ }
+ return null;
+ }
+
+ protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
+ throws EProfileException {
+ try {
+ req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
+ new CertificateSubjectName(subj));
+ } catch (Exception e) {
+ CMS.debug("SubjectNameInput: parseSubject Name " +
+ e.toString());
+ }
+ }
+}
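Review bot: populate() builds the subject DN by concatenating the submitted field values into a string (`"CN=" + cn` and the like) without escaping, so a value containing `,`, `+` or `=` is parsed by `new X500Name(subjectName)` as extra RDNs rather than as part of the one attribute the profile enabled. Each value should be escaped before it is appended, or the name built from individual attribute values instead of a string; the sketch below does the former and assumes X500Name's parser honours backslash escapes, which needs confirming. populate() also reads all nine fields from ctx regardless of the sn_* enable settings that getValueNames() applies. Separately, the CONFIG_EMAIL branch of getConfigDescriptor() uses `CMS_PROFILE_SN_UID` where getValueDescriptor() uses `CMS_PROFILE_SN_EMAIL`.

```java
// RFC 2253-style escaping of a single attribute value before it is placed in the DN string.
private static String escapeRdnValue(String v) {
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < v.length(); i++) {
        char ch = v.charAt(i);
        boolean edgeSpace = ch == ' ' && (i == 0 || i == v.length() - 1);
        if (",+\"\\<>;=".indexOf(ch) >= 0 || (ch == '#' && i == 0) || edgeSpace) {
            sb.append('\\');
        }
        sb.append(ch);
    }
    return sb.toString();
}

// … unchanged: ctx.get(...) lookups, empty checks and comma handling …
subjectName += "CN=" + escapeRdnValue(cn);
// … same wrapping for UID, E, OU3, OU2, OU1, OU, O and C …
```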
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
new file mode 100644
index 000000000..eac2ffc69
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the submitter information
+ * input that collects certificate requestor's
+ * information such as name, email and phone.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
+
+ public static final String NAME = "requestor_name";
+ public static final String EMAIL = "requestor_email";
+ public static final String PHONE = "requestor_phone";
+
+ public SubmitterInfoInput() {
+ addValueName(NAME);
+ addValueName(EMAIL);
+ addValueName(PHONE);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ //
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(NAME)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME"));
+ } else if (name.equals(EMAIL)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL"));
+ } else if (name.equals(PHONE)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE"));
+ }
+ return null;
+ }
+}
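Review bot: populate() in SubmitterInfoInput has a body of just `//`, so a reader cannot tell whether skipping any handling of requestor_name, requestor_email and requestor_phone is deliberate. If it is, say so in place, e.g. `// Intentionally empty: requestor_* values are neither copied nor validated by this input.` These three values are free-form STRING descriptors supplied by the requester, so whatever code later stores or displays them (not visible here) should treat them as untrusted text. The Javadoc on init, getName, getText and populate also calls this class a "policy" although it is a profile input.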
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
new file mode 100644
index 000000000..20b8c571c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
@@ -0,0 +1,160 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the certificate request input from TPS.
+ * This input populates 2 main fields to the enrollment "page":
+ * 1/ token cuid, 2/ publickey
+ * <p>
+ *
+ * This input usually is used by an enrollment profile for
+ * certificate requests coming from TPS.
+ *
+ * @version $Revision$, $Date$
+ */
+public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_TOKEN_CUID = "tokencuid";
+ public static final String VAL_PUBLIC_KEY = "publickey";
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public nsHKeyCertReqInput() {
+ addValueName(VAL_TOKEN_CUID);
+ addValueName(VAL_PUBLIC_KEY);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
+ }
+
+ /*
+ * Pretty print token cuid
+ */
+ public String toPrettyPrint(String cuid)
+ {
+ if (cuid == null)
+ return null;
+
+ if (cuid.length() != 20)
+ return null;
+
+ StringBuffer sb = new StringBuffer();
+ for (int i=0; i < cuid.length(); i++) {
+ if (i == 4 || i == 8 || i == 12 || i == 16) {
+ sb.append("-");
+ }
+ sb.append(cuid.charAt(i));
+ }
+ return sb.toString();
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String tcuid = ctx.get(VAL_TOKEN_CUID);
+ // pretty print tcuid
+ String prettyPrintCuid = toPrettyPrint(tcuid);
+ if (prettyPrintCuid == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+ ""));
+ }
+
+ request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
+
+ String pk = ctx.get(VAL_PUBLIC_KEY);
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (tcuid == null) {
+ CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+ ""));
+ }
+ if (pk == null) {
+ CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+ ""));
+ }
+
+ mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_TOKEN_CUID)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
+ } else if (name.equals(VAL_PUBLIC_KEY)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ }
+ return null;
+ }
+}
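Review bot: toPrettyPrint() accepts any 20-character string as a token CUID, so populate() passes requester-supplied text to fillNSHKEY and stores it in `pretty_print_tokencuid` with only a length check. If the CUID is meant to be 20 hex digits (an assumption, the format is not stated in this file), the guard could be `if (cuid.length() != 20 || !cuid.matches("[0-9A-Fa-f]{20}")) return null;`. Separately, the `if (tcuid == null)` branch further down in populate() can never run, because toPrettyPrint(null) returns null and the first throw happens before it. Its debug line is therefore never logged, and a wrong-length CUID is reported as CMS_PROFILE_TOKENKEY_NO_TOKENCUID without any debug output. Moving the null check above the toPrettyPrint call and adding a `CMS.debug` for the malformed case would make failed token enrollments traceable.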
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
new file mode 100644
index 000000000..367c20646
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
@@ -0,0 +1,138 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+
+/**
+ * This class implements the certificate request input from TPS.
+ * This input populates 2 main fields to the enrollment "page":
+ * 1/ id, 2/ publickey
+ * <p>
+ *
+ * This input usually is used by an enrollment profile for
+ * certificate requests coming from TPS.
+ *
+ * @version $Revision$, $Date$
+ */
+public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_SN = "screenname";
+ public static final String VAL_PUBLIC_KEY = "publickey";
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public nsNKeyCertReqInput() {
+ addValueName(VAL_SN);
+ addValueName(VAL_PUBLIC_KEY);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String sn = ctx.get(VAL_SN);
+ String pk = ctx.get(VAL_PUBLIC_KEY);
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (sn == null) {
+ CMS.debug("nsNKeyCertReqInput: populate - id not found " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_ID",
+ ""));
+ }
+ if (pk == null) {
+ CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+ ""));
+ }
+
+ mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_SN)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
+ } else if (name.equals(VAL_PUBLIC_KEY)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ }
+ return null;
+ }
+}
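Review bot: In populate(), `sn` is rejected only when it is null, so an empty or whitespace-only screenname from the request context goes to fillNSNKEY unchanged; what fillNSNKEY does with it is outside this hunk. A stricter guard such as `if (sn == null || sn.trim().length() == 0)` would fail early with CMS_PROFILE_TOKENKEY_NO_ID. The same applies to `pk`, and to `info`, which is passed on without a null check after `getExtDataInCertInfo`; nsHKeyCertReqInput.populate() follows the same pattern for `pk` and `info`. The debug text says "id not found" while the field is `screenname`, which makes log searches harder.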