Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile')
89 files changed, 6298 insertions, 6866 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index acaf9772a..578324869 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** * This class implements a basic profile. - * + * * @version $Revision$, $Date$ */ public abstract class BasicProfile implements IProfile { @@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile { public static final String PROP_NAME = "name"; public static final String PROP_DESC = "desc"; public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT= "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl"; + public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; + public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; protected IProfileSubsystem mOwner = null; protected IConfigStore mConfig = null; 
@@ -144,21 +142,19 @@ public abstract class BasicProfile implements IProfile { public IProfileAuthenticator getAuthenticator() throws EProfileException { try { - IAuthSubsystem authSub = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - IProfileAuthenticator auth = (IProfileAuthenticator) - authSub.get(mAuthInstanceId); - - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + - mAuthInstanceId); + IAuthSubsystem authSub = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); + IProfileAuthenticator auth = (IProfileAuthenticator) authSub + .get(mAuthInstanceId); + + if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 + && auth == null) { + throw new EProfileException("Cannot load " + mAuthInstanceId); } return auth; } catch (Exception e) { if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + - mAuthInstanceId); + throw new EProfileException("Cannot load " + mAuthInstanceId); } return null; } @@ -167,7 +163,7 @@ public abstract class BasicProfile implements IProfile { public String getRequestorDN(IRequest request) { return null; } - + public String getAuthenticatorId() { return mAuthInstanceId; } @@ -185,7 +181,7 @@ public abstract class BasicProfile implements IProfile { * Initializes this profile. */ public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { CMS.debug("BasicProfile: start init"); mOwner = owner; mConfig = config; 
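Review bot: The `catch (Exception e)` in getAuthenticator discards the caught exception, so the rethrown `EProfileException("Cannot load " + mAuthInstanceId)` carries no cause, and when mAuthInstanceId is null any failure, including a failed `CMS.getSubsystem(CMS.SUBSYSTEM_AUTH)` lookup, becomes a silent `return null`. Callers then cannot tell "no authenticator configured" from "authenticator lookup failed", which matters if a null result is treated as "no authentication required" (that handling is not visible in this hunk). I would record the cause before branching, e.g. `CMS.debug("BasicProfile: getAuthenticator failed " + e.toString());`, and test mAuthInstanceId for null or empty before calling `authSub.get(mAuthInstanceId)` rather than after.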
@@ -204,17 +200,19 @@ public abstract class BasicProfile implements IProfile { // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName // policy.p1.default.params.x1=x1 // policy.p1.default.params.x2=x2 - // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange + // policy.p1.constraint.class= ... + // .cms.profile.constraints.ValidityRange // policy.p1.constraint.params.x1=x1 // policy.p1.constraint.params.x2=x2 - // handle profile authentication plugins + // handle profile authentication plugins try { - mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null); + mAuthInstanceId = config + .getString("auth." + PROP_INSTANCE_ID, null); mAuthzAcl = config.getString("authz.acl", ""); } catch (EBaseException e) { - CMS.debug("BasicProfile: authentication class not found " + - e.toString()); + CMS.debug("BasicProfile: authentication class not found " + + e.toString()); } // handle profile input plugins @@ -224,8 +222,8 @@ public abstract class BasicProfile implements IProfile { while (input_st.hasMoreTokens()) { String input_id = (String) input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." + - PROP_CLASS_ID); + String inputClassId = inputStore.getString(input_id + "." + + PROP_CLASS_ID); IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", inputClassId); String inputClass = inputInfo.getClassName(); 
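Review bot: The `catch (EBaseException e)` around the `auth.` and `authz.acl` reads only writes a debug line, so a failed read leaves mAuthInstanceId and mAuthzAcl at their previous values and initialization carries on. For a certificate profile that is a fail-open path, because the profile can come up without the authenticator or ACL its configuration asked for. This code appears to sit inside init(), which already declares `throws EBaseException` (the method starts outside this hunk), so the handler could log and then `throw e;`. The text "authentication class not found" also misdescribes the failure, since no class is loaded in this try block; `"BasicProfile: cannot read auth/authz settings "` would match what happened.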
@@ -233,13 +231,12 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) - Class.forName(inputClass).newInstance(); + input = (IProfileInput) Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " + - inputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: input plugin Class.forName " + + inputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore inputConfig = inputStore.getSubStore(input_id); input.init(this, inputConfig); @@ -255,8 +252,8 @@ public abstract class BasicProfile implements IProfile { while (output_st.hasMoreTokens()) { String output_id = (String) output_st.nextToken(); - String outputClassId = outputStore.getString(output_id + "." + - PROP_CLASS_ID); + String outputClassId = outputStore.getString(output_id + "." + + PROP_CLASS_ID); IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", outputClassId); String outputClass = outputInfo.getClassName(); @@ -264,13 +261,13 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) - Class.forName(outputClass).newInstance(); + output = (IProfileOutput) Class.forName(outputClass) + .newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " + - outputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: output plugin Class.forName " + + outputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore outputConfig = outputStore.getSubStore(output_id); output.init(this, outputConfig); 
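Review bot: `Class.forName(inputClass).newInstance()` runs the named class's no-argument constructor before the `(IProfileInput)` cast is checked, so a registry entry pointing at the wrong class has its constructor executed and only then fails. Checking the type first moves the failure ahead of instantiation: `input = Class.forName(inputClass).asSubclass(IProfileInput.class).newInstance();`. The same pattern is used for the output, updater, default and constraint plugins in the later hunks of this file. `inputInfo.getClassName()` in the preceding hunk is also called without the `inputInfo == null` test that createProfileInput applies to the same lookup. The enclosing loop starts outside this hunk.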
@@ -286,22 +283,22 @@ public abstract class BasicProfile implements IProfile { while (updater_st.hasMoreTokens()) { String updater_id = (String) updater_st.nextToken(); - String updaterClassId = updaterStore.getString(updater_id + "." + - PROP_CLASS_ID); + String updaterClassId = updaterStore.getString(updater_id + "." + + PROP_CLASS_ID); IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", - updaterClassId); + updaterClassId); String updaterClass = updaterInfo.getClassName(); IProfileUpdater updater = null; try { - updater = (IProfileUpdater) - Class.forName(updaterClass).newInstance(); + updater = (IProfileUpdater) Class.forName(updaterClass) + .newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " + - updaterClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: updater plugin Class.forName " + + updaterClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); updater.init(this, updaterConfig); @@ -325,15 +322,15 @@ public abstract class BasicProfile implements IProfile { String id = (String) st1.nextToken(); String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." + - PROP_CLASS_ID); + String defaultClassId = policyStore.getString(defaultRoot + "." + + PROP_CLASS_ID); String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = - policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); + String constraintClassId = policyStore.getString(constraintRoot + + "." + PROP_CLASS_ID); - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); + createProfilePolicy(setId, id, defaultClassId, + constraintClassId, false); } } CMS.debug("BasicProfile: done init"); 
@@ -380,20 +377,20 @@ public abstract class BasicProfile implements IProfile { } public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return null; } public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { + String value) throws EProfileException { } public Enumeration getProfilePolicySetIds() { return mPolicySet.keys(); } - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { + public void deleteProfilePolicy(String setId, String policyId) + throws EProfileException { Vector policies = (Vector) mPolicySet.get(setId); if (policies == null) { @@ -436,26 +433,28 @@ public abstract class BasicProfile implements IProfile { policies.removeElementAt(i); if (size == 1) { mPolicySet.remove(setId); - String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null); + String setlist = policySetSubStore.getString( + PROP_POLICY_LIST, null); StringTokenizer st1 = new StringTokenizer(setlist, ","); String newlist1 = ""; while (st1.hasMoreTokens()) { String e = st1.nextToken(); - if (!e.equals(setId)) + if (!e.equals(setId)) newlist1 = newlist1 + e + ","; } - if (!newlist1.equals("")) - newlist1 = newlist1.substring(0, newlist1.length() - 1); + if (!newlist1.equals("")) + newlist1 = newlist1.substring(0, + newlist1.length() - 1); policySetSubStore.putString(PROP_POLICY_LIST, newlist1); } break; } } - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } 
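Review bot: In the `size == 1` branch of the second hunk here, `policySetSubStore.getString(PROP_POLICY_LIST, null)` may return null, and `new StringTokenizer(setlist, ",")` then throws a NullPointerException that the empty `catch (Exception e) { }` at the end of the hunk swallows. By then `policies.removeElementAt(i)` and `mPolicySet.remove(setId)` have already run, so the in-memory profile loses the policy while the stored configuration is neither updated nor committed, and nothing is logged. Passing `""` as the default and logging in the handler, e.g. `CMS.debug("BasicProfile: deleteProfilePolicy " + e.toString());`, would make the divergence visible. The same empty catch follows `mConfig.commit(false)` in the two hunks on the next line (input and output removal). The method, presumably deleteProfilePolicy, starts outside this hunk.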
@@ -496,8 +495,8 @@ public abstract class BasicProfile implements IProfile { mInputs.remove(inputId); mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -537,24 +536,22 @@ public abstract class BasicProfile implements IProfile { mOutputs.remove(outputId); mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } } - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); + public IProfileOutput createProfileOutput(String id, String outputId, + NameValuePairs nvps) throws EProfileException { + return createProfileOutput(id, outputId, nvps, true); } public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) + NameValuePairs nvps, boolean createConfig) - - throws EProfileException { + throws EProfileException { IConfigStore outputStore = mConfig.getSubStore("output"); String output_list = null; @@ -576,8 +573,7 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) - Class.forName(outputClass).newInstance(); + output = (IProfileOutput) Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); 
@@ -610,7 +606,8 @@ public abstract class BasicProfile implements IProfile { String pid = st1.nextToken(); if (pid.equals(id)) { - throw new EProfileException("Duplicate output id: " + id); + throw new EProfileException("Duplicate output id: " + + id); } } outputStore.putString(PROP_OUTPUT_LIST, list + "," + id); @@ -618,7 +615,7 @@ public abstract class BasicProfile implements IProfile { String prefix = id + "."; outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); + outputInfo.getName(Locale.getDefault())); outputStore.putString(prefix + "class_id", outputId); Enumeration enum1 = nvps.getNames(); @@ -626,19 +623,20 @@ public abstract class BasicProfile implements IProfile { while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - outputStore.putString(prefix + "params." + name, nvps.getValue(name)); + outputStore.putString(prefix + "params." + name, + nvps.getValue(name)); try { - if (output != null) { - output.setConfig(name, nvps.getValue(name)); - } + if (output != null) { + output.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); 
@@ -648,15 +646,13 @@ public abstract class BasicProfile implements IProfile { return output; } - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileInput(id, inputId, nvps, true); + public IProfileInput createProfileInput(String id, String inputId, + NameValuePairs nvps) throws EProfileException { + return createProfileInput(id, inputId, nvps, true); } public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) - throws EProfileException { + NameValuePairs nvps, boolean createConfig) throws EProfileException { IConfigStore inputStore = mConfig.getSubStore("input"); String input_list = null; @@ -666,8 +662,8 @@ public abstract class BasicProfile implements IProfile { } catch (Exception ee) { } - IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", - inputId); + IPluginInfo inputInfo = mRegistry + .getPluginInfo("profileInput", inputId); if (inputInfo == null) { CMS.debug("Cannot find " + inputId); @@ -679,8 +675,7 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) - Class.forName(inputClass).newInstance(); + input = (IProfileInput) Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); 
@@ -720,28 +715,29 @@ public abstract class BasicProfile implements IProfile { } String prefix = id + "."; - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); + inputStore.putString(prefix + "name", + inputInfo.getName(Locale.getDefault())); inputStore.putString(prefix + "class_id", inputId); - + Enumeration enum1 = nvps.getNames(); while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - inputStore.putString(prefix + "params." + name, nvps.getValue(name)); + inputStore.putString(prefix + "params." + name, + nvps.getValue(name)); try { - if (input != null) { - input.setConfig(name, nvps.getValue(name)); - } + if (input != null) { + input.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); 
@@ -754,23 +750,25 @@ public abstract class BasicProfile implements IProfile { /** * Creates a profile policy */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId) + throws EProfileException { + return createProfilePolicy(setId, id, defaultClassId, constraintClassId, true); } - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) - throws EProfileException { - + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId, + boolean createConfig) throws EProfileException { + // String setId ex: policyset.set1 - // String id Id of policy : examples: p1,p2,p3 - // String defaultClassId : id of the default plugin ex: validityDefaultImpl - // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl - // boolean createConfig : true : being called from the console. false: being called from server startup code + // String id Id of policy : examples: p1,p2,p3 + // String defaultClassId : id of the default plugin ex: + // validityDefaultImpl + // String constraintClassId : if of the constraint plugin ex: + // basicConstraintsExtConstraintImpl + // boolean createConfig : true : being called from the console. false: + // being called from server startup code Vector policies = (Vector) mPolicySet.get(setId); 
@@ -778,9 +776,9 @@ public abstract class BasicProfile implements IProfile { if (policies == null) { policies = new Vector(); mPolicySet.put(setId, policies); - if (createConfig) { + if (createConfig) { // re-create policyset.list - StringBuffer setlist =new StringBuffer(); + StringBuffer setlist = new StringBuffer(); Enumeration keys = mPolicySet.keys(); while (keys.hasMoreElements()) { 
@@ -794,62 +792,64 @@ public abstract class BasicProfile implements IProfile { mConfig.putString("policyset.list", setlist.toString()); } } else { - String ids = null; + String ids = null; - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } + try { + ids = policyStore.getString(PROP_POLICY_LIST, ""); + } catch (Exception ee) { + } - if( ids == null ) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" ); - return null; - } + if (ids == null) { + CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); + return null; + } - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; + StringTokenizer st1 = new StringTokenizer(ids, ","); + int appearances = 0; + int appearancesTooMany = 0; + if (createConfig) + appearancesTooMany = 1; + else + appearancesTooMany = 2; - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " + id); - } + while (st1.hasMoreTokens()) { + String pid = st1.nextToken(); + if (pid.equals(id)) { + appearances++; + if (appearances >= appearancesTooMany) { + CMS.debug("WARNING detected duplicate policy id: " + + id + " Profile: " + mId); + if (createConfig) { + throw new EProfileException("Duplicate policy id: " + + id); } } } + } } // Now make sure we aren't trying to add a policy that already exists IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; + String setlist = null; try { setlist = policySetStore.getString("list", ""); } catch (Exception e) { } StringTokenizer st = new StringTokenizer(setlist, ","); - int matches = 0; + int matches = 0; while (st.hasMoreTokens()) { 
String sId = (String) st.nextToken(); - //Only search the setId set. Ex: encryptionCertSet + // Only search the setId set. Ex: encryptionCertSet if (!sId.equals(setId)) { continue; } IConfigStore pStore = policySetStore.getSubStore(sId); - + String list = null; try { - list = pStore.getString(PROP_POLICY_LIST, ""); + list = pStore.getString(PROP_POLICY_LIST, ""); } catch (Exception e) { CMS.debug("WARNING, can't get policy id list!"); } 
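Review bot: `setlist` stays null when `policySetStore.getString("list", "")` throws, because the `catch (Exception e) { }` next to it is empty, and the following `new StringTokenizer(setlist, ",")` then fails with a NullPointerException rather than an EProfileException. The `ids` lookup earlier in this hunk guards the same situation with an explicit null check and a debug message, so the two lookups should agree. I would log in the handler, `CMS.debug("BasicProfile: cannot read policyset list " + e.toString());`, and return or throw as the `ids` branch does instead of continuing into the duplicate check. `list` is left null in the same way after "WARNING, can't get policy id list!"; where it is used next lies outside this hunk.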
@@ -862,38 +862,48 @@ public abstract class BasicProfile implements IProfile { String defaultRoot = curId + "." + PROP_DEFAULT; String curDefaultClassId = null; try { - curDefaultClassId = pStore.getString(defaultRoot + "." + - PROP_CLASS_ID); - } catch(Exception e) { + curDefaultClassId = pStore.getString(defaultRoot + "." + + PROP_CLASS_ID); + } catch (Exception e) { CMS.debug("WARNING, can't get default plugin id!"); } String constraintRoot = curId + "." + PROP_CONSTRAINT; String curConstraintClassId = null; try { - curConstraintClassId = pStore.getString(constraintRoot + "." + PROP_CLASS_ID); + curConstraintClassId = pStore.getString(constraintRoot + + "." + PROP_CLASS_ID); } catch (Exception e) { CMS.debug("WARNING, can't get constraint plugin id!"); } - //Disallow duplicate defaults with the following exceptions: + // Disallow duplicate defaults with the following exceptions: // noDefaultImpl, genericExtDefaultImpl - if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && - !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) { + if ((curDefaultClassId.equals(defaultClassId) + && !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId + .equals(PROP_GENERIC_EXT_DEFAULT))) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); + CMS.debug("WARNING attempt to add duplicate Policy " + + defaultClassId + + ":" + + constraintClassId + + " Contact System Administrator."); + throw new EProfileException( + "Attempt to add duplicate Policy : " + + defaultClassId + ":" + + constraintClassId); } } else { - if( matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); + if (matches > 
1) { + CMS.debug("WARNING attempt to add duplicate Policy " + + defaultClassId + + ":" + + constraintClassId + + " Contact System Administrator."); } } } @@ -915,12 +925,11 @@ public abstract class BasicProfile implements IProfile { IPolicyDefault def = null; try { - def = (IPolicyDefault) - Class.forName(defaultClass).newInstance(); + def = (IPolicyDefault) Class.forName(defaultClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: default policy " + - defaultClass + " " + e.toString()); + CMS.debug("BasicProfile: default policy " + defaultClass + " " + + e.toString()); } if (def == null) { CMS.debug("BasicProfile: failed to create " + defaultClass); @@ -931,18 +940,18 @@ public abstract class BasicProfile implements IProfile { def.init(this, defStore); } - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", + IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", constraintClassId); String constraintClass = conInfo.getClassName(); IPolicyConstraint constraint = null; try { - constraint = (IPolicyConstraint) - Class.forName(constraintClass).newInstance(); + constraint = (IPolicyConstraint) Class.forName(constraintClass) + .newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: constraint policy " + - constraintClass + " " + e.toString()); + CMS.debug("BasicProfile: constraint policy " + constraintClass + + " " + e.toString()); } ProfilePolicy policy = null; if (constraint == null) { 
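Review bot: `curDefaultClassId.equals(defaultClassId)` dereferences a value that is still null when the `pStore.getString(defaultRoot + "." + PROP_CLASS_ID)` call above it throws, since that handler only logs "WARNING, can't get default plugin id!". A policy entry with a missing `class_id` therefore ends the duplicate-policy check with a NullPointerException instead of a profile error. Guarding the condition is enough: `if (curDefaultClassId != null && curDefaultClassId.equals(defaultClassId)` with the two exclusions unchanged. The enclosing loop begins outside this hunk.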
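Review bot: `conInfo.getClassName()` is called directly on the result of `mRegistry.getPluginInfo("constraintPolicy", constraintClassId)` in the last hunk on this line, with no null test in between. createProfileInput checks `inputInfo == null` after the same kind of lookup, so an unknown constraintClassId can reach this line and fail with a NullPointerException. A matching guard would be `if (conInfo == null) { CMS.debug("Cannot find " + constraintClassId); throw new EProfileException("Cannot find " + constraintClassId); }`. The instantiation failures for the default and constraint classes in this hunk and the one before it are also only debug-logged, which leaves the outcome to the null checks that follow.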
@@ -968,21 +977,20 @@ public abstract class BasicProfile implements IProfile { } else { policyStore.putString(PROP_POLICY_LIST, list + "," + id); } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", - defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); + policyStore.putString(id + ".default.name", + defInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".default.class_id", defaultClassId); + policyStore.putString(id + ".constraint.name", + conInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".constraint.class_id", + constraintClassId); try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); policyStore.commit(false); } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " + - e.toString()); + CMS.debug("BasicProfile: commiting config store " + + e.toString()); } } @@ -1038,7 +1046,7 @@ public abstract class BasicProfile implements IProfile { * Creates request. */ public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; + throws EProfileException; /** * Returns the profile description. @@ -1056,12 +1064,12 @@ public abstract class BasicProfile implements IProfile { } public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { Enumeration ids = getProfileInputIds(); while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - IProfileInput input = getProfileInput(id); + IProfileInput input = getProfileInput(id); input.populate(ctx, request); } 
@@ -1074,36 +1082,32 @@ public abstract class BasicProfile implements IProfile { } /** - * Passes the request to the set of default policies that - * populate the profile information against the profile. - */ - public void populate(IRequest request) - throws EProfileException { + * Passes the request to the set of default policies that populate the + * profile information against the profile. + */ + public void populate(IRequest request) throws EProfileException { String setId = getPolicySetId(request); Vector policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid ="+ setId); + CMS.debug("BasicProfile: populate() policy setid =" + setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); policy.getDefault().populate(request); } } /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. - */ - public void validate(IRequest request) - throws ERejectException { + * Passes the request to the set of constraint policies that validate the + * request against the profile. + */ + public void validate(IRequest request) throws ERejectException { String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId="+ setId); + CMS.debug("BasicProfile: validate start on setId=" + setId); Vector policies = getPolicies(setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); policy.getConstraint().validate(request); } 
@@ -1129,25 +1133,23 @@ public abstract class BasicProfile implements IProfile { Vector v = new Vector(); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); - v.addElement(policy.getId()); + v.addElement(policy.getId()); } return v.elements(); } - public void execute(IRequest request) - throws EProfileException { + public void execute(IRequest request) throws EProfileException { } /** * Signed Audit Log - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "BasicProfile"s, and is called + * to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1158,21 +1160,17 @@ public abstract class BasicProfile implements IProfile { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "BasicProfile"s, and is called + * to obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1187,8 +1185,7 @@ public abstract class BasicProfile implements IProfile { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); 
@@ -1202,4 +1199,3 @@ public abstract class BasicProfile implements IProfile { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java index 681f2b4a5..f589e7efb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -28,103 +27,97 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for CA Certificates. - * + * This class implements a Certificate Manager enrollment profile for CA + * Certificates. + * * @version $Revision$, $Date$ */ -public class CACertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class CACertCAEnrollProfile extends CAEnrollProfile implements + IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", + inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = createProfileInput("i2", + "submitterInfoInputImpl", inputParams2); - // create outputs + // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", + outputParams1); // create policies - IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = 
policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg", "-"); + defConfig4 + .putString( + 
"params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); // extensions - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","true"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","true"); - defConfig5.putString("params.keyUsageKeyEncipherment","false"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "true"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "true"); + defConfig5.putString("params.keyUsageKeyEncipherment", "false"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); - IProfilePolicy policy6 = - createProfilePolicy("set1", "p6", - 
"basicConstraintsExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy6 = createProfilePolicy("set1", "p6", + "basicConstraintsExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def6 = policy6.getDefault(); IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen","-1"); - defConfig6.putString("params.basicConstraintsIsCA","true"); - defConfig6.putString("params.basicConstraintsPathLen","-1"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); + defConfig6.putString("params.basicConstraintsIsCA", "true"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); IPolicyConstraint con6 = policy6.getConstraint(); IConfigStore conConfig6 = con6.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 32cd51b5f..20d5f4de3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; 
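Review bot: The defaults that `populate()` sets for this CA-certificate profile accept weak parameters: `params.keyMinLength` is `"512"`, and `params.signingAlgsAllowed` still lists `MD5withRSA`, `MD2withRSA` and `SHA1withRSA`. Every policy in the method is created with `noConstraintImpl`, so nothing visible here narrows those values afterwards. I would raise the floor with `defConfig3.putString("params.keyMinLength", "2048");` and cut the allowed list down to the SHA-2 entries it already contains. Separately, `params.basicConstraintsPathLen` is written twice with the same value, so the second call can be dropped.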
@@ -41,27 +40,21 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** - * This class implements a Certificate Manager enrollment - * profile. - * + * This class implements a Certificate Manager enrollment profile. + * * @version $Revision$, $Date$ */ public class CAEnrollProfile extends EnrollProfile { - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; - + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; public CAEnrollProfile() { super(); } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (authority == null) return null; @@ -69,18 +62,17 @@ public class CAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); X500Name issuerName = ca.getX500Name(); return issuerName; } - public void execute(IRequest request) - throws EProfileException { + public void execute(IRequest request) throws EProfileException { long startTime = CMS.getCurrentDate().getTime(); - + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); 
@@ -91,14 +83,13 @@ public class CAEnrollProfile extends EnrollProfile { String auditRequesterID = auditRequesterID(request); String auditArchiveID = ILogger.UNIDENTIFIED; - String id = request.getRequestId().toString(); if (id != null) { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" + - request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute reqId=" + + request.getRequestId().toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); 
@@ -108,64 +99,59 @@ public class CAEnrollProfile extends EnrollProfile { // if PKI Archive Option present, send this request // to DRM - byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); + byte optionsData[] = request + .getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); // do not archive keys for renewal requests - if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { - PKIArchiveOptions options = (PKIArchiveOptions) - toPKIArchiveOptions(optionsData); + if ((optionsData != null) + && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { + PKIArchiveOptions options = (PKIArchiveOptions) toPKIArchiveOptions(optionsData); if (options != null) { - CMS.debug("CAEnrollProfile: execute found " + - "PKIArchiveOptions"); + CMS.debug("CAEnrollProfile: execute found " + + "PKIArchiveOptions"); try { IConnector kraConnector = caService.getKRAConnector(); if (kraConnector == null) { - CMS.debug("CAEnrollProfile: KRA connector " + - "not configured"); + CMS.debug("CAEnrollProfile: KRA connector " + + "not configured"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditArchiveID); audit(auditMessage); - + } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); - - // check response if (!request.isSuccess()) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditArchiveID); audit(auditMessage); throw new ERejectException( 
request.getError(getLocale(request))); } - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditArchiveID); audit(auditMessage); } } catch (Exception e) { - if (e instanceof ERejectException) { throw (ERejectException) e; } @@ -174,9 +160,7 @@ public class CAEnrollProfile extends EnrollProfile { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, + auditSubjectID, ILogger.FAILURE, auditRequesterID, auditArchiveID); audit(auditMessage); @@ -189,17 +173,17 @@ public class CAEnrollProfile extends EnrollProfile { X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); X509CertImpl theCert = null; - // #615460 - added audit log (transaction) + // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); String setId = request.getExtDataInString("profileSetId"); if (setId != null) { - sc.put("profileSetId", setId); + sc.put("profileSetId", setId); } try { - theCert = caService.issueX509Cert(info, getId() /* profileId */, - id /* requestId */); + theCert = caService + .issueX509Cert(info, getId() /* profileId */, id /* requestId */); } catch (EBaseException e) { CMS.debug(e.toString()); 
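Review bot: In the `@@ -189` hunk, the result of `SessionContext.getExistingContext()` is dereferenced immediately by `sc.put("profileId", getId())`, whereas `BasicProfile.auditSubjectID()` in this same diff guards the identical call with `if (auditContext != null)`. If execute() can run on a thread with no session context, this throws a NullPointerException, and by then the archival hunk above has already sent the request to the KRA. A guard such as `if (sc != null) { sc.put("profileId", getId()); }` would make the two paths consistent; the later `sc.get(SessionContext.USER_ID)` and `sc.get(SessionContext.AUTH_MANAGER_ID)` reads in the audit-log hunk need the same guard. execute() starts and ends outside this hunk.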
@@ -209,26 +193,27 @@ public class CAEnrollProfile extends EnrollProfile { long endTime = CMS.getCurrentDate().getTime(); - String initiative = AuditFormat.FROMAGENT - + " userID: " - + (String)sc.get(SessionContext.USER_ID); - String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID); + String initiative = AuditFormat.FROMAGENT + " userID: " + + (String) sc.get(SessionContext.USER_ID); + String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); ILogger logger = CMS.getLogger(); - if( logger != null ) { - logger.log( ILogger.EV_AUDIT, - ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" + - theCert.getSerialNumber().toString(16) + - " time: " + (endTime - startTime) } - ); + if (logger != null) { + logger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + request.getRequestType(), + request.getRequestId(), + initiative, + authMgr, + "completed", + theCert.getSubjectDN(), + "cert issued serial number: 0x" + + theCert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) }); } request.setRequestStatus(RequestStatus.COMPLETE); @@ -236,9 +221,9 @@ public class CAEnrollProfile extends EnrollProfile { // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { - String updaterId = (String)updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); + String updaterId = (String) updaterIds.nextElement(); + IProfileUpdater updater = getProfileUpdater(updaterId); + updater.update(request, RequestStatus.COMPLETE); } // set value for predicate value - checking in getRule 
@@ -248,4 +233,3 @@ public class CAEnrollProfile extends EnrollProfile { request.setExtData("isEncryptionCert", "false"); } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index 95c360f8c..e0c86303e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -100,21 +99,19 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; - /** * This class implements a generic enrollment profile. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollProfile extends BasicProfile - implements IEnrollProfile { +public abstract class EnrollProfile extends BasicProfile implements + IEnrollProfile { - private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; private PKIData mCMCData; + public EnrollProfile() { super(); } 
@@ -135,11 +132,11 @@ public abstract class EnrollProfile extends BasicProfile * Creates request. */ public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { + throws EProfileException { EnrollProfileContext ctx = (EnrollProfileContext) context; // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); + String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); String cert_request = ctx.get(CTX_CERT_REQUEST); String is_renewal = ctx.get(CTX_RENEWAL); Integer renewal_seq_num = 0; @@ -169,17 +166,16 @@ public abstract class EnrollProfile extends BasicProfile num_requests = msgs.length; } - // only 1 request for renewal + // only 1 request for renewal if ((is_renewal != null) && (is_renewal.equals("true"))) { num_requests = 1; String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM); if (renewal_seq_num_str != null) { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } else { - renewal_seq_num =0; + renewal_seq_num = 0; } } - // populate requests with appropriate content IRequest result[] = new IRequest[num_requests]; @@ -187,7 +183,7 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < num_requests; i++) { result[i] = createEnrollmentRequest(); if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num); + result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); } else { result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); } 
@@ -208,36 +204,35 @@ public abstract class EnrollProfile extends BasicProfile // retrieve issuer name X500Name issuerName = getIssuerName(); - byte[] dummykey = new byte[] { - 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, - 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, - -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, - 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24, - -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, - -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, - -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1}; + byte[] dummykey = new byte[] { 48, 92, 48, 13, 6, 9, 42, -122, 72, + -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, + 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, + -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112, + -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, + -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, + -124, -85, 105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, + 1, 0, 1 }; // default values into x509 certinfo. 
This thing is // not serializable by default try { - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, - new CertificateIssuerName(issuerName)); - info.set(X509CertInfo.KEY, - new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(issuerName)); - info.set(X509CertInfo.VALIDITY, - new CertificateValidity(new Date(), new Date())); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + new BigInteger("0"))); + info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName)); + info.set( + X509CertInfo.KEY, + new CertificateX509Key(X509Key + .parse(new DerValue(dummykey)))); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + issuerName)); + info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(), + new Date())); + info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.getAlgorithmId("MD5withRSA"))); // add default extension container - info.set(X509CertInfo.EXTENSIONS, - new CertificateExtensions()); + info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); @@ -246,8 +241,7 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(REQUEST_CERTINFO, info); } - public IRequest createEnrollmentRequest() - throws EProfileException { + public IRequest createEnrollmentRequest() throws EProfileException { IRequest req = null; try { 
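Review bot: In the `@@ -208` hunk, the template certificate info is seeded with `AlgorithmId.getAlgorithmId("MD5withRSA")`, and the `catch (Exception e)` that follows only writes a debug line before `req.setExtData(REQUEST_CERTINFO, info)` stores whatever was built. If a profile has no signing-algorithm default that overwrites this field (not visible here), the MD5 identifier would presumably carry through to issuance. I would add a comment above the `try`, such as `// placeholders only: key, validity and algorithm must be replaced by policy defaults`, and seed a SHA-2 name from the profile's allowed list, e.g. `AlgorithmId.getAlgorithmId("SHA256withRSA")`. The method starts before this hunk.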
@@ -256,22 +250,20 @@ public abstract class EnrollProfile extends BasicProfile setDefaultCertInfo(req); // put the certificate info into request - req.setExtData(REQUEST_EXTENSIONS, - new CertificateExtensions()); + req.setExtData(REQUEST_EXTENSIONS, new CertificateExtensions()); - CMS.debug("EnrollProfile: createRequest " + - req.getRequestId().toString()); + CMS.debug("EnrollProfile: createRequest " + + req.getRequestId().toString()); } catch (EBaseException e) { // raise exception - CMS.debug("EnrollProfile: create new enroll request " + - e.toString()); + CMS.debug("EnrollProfile: create new enroll request " + + e.toString()); } return req; } - public abstract void execute(IRequest request) - throws EProfileException; + public abstract void execute(IRequest request) throws EProfileException; /** * Perform simple policy set assignment. @@ -298,8 +290,8 @@ public abstract class EnrollProfile extends BasicProfile X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { 
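Review bot: createEnrollmentRequest() returns `null` when the `catch (EBaseException e)` branch in the `@@ -256` hunk is taken, because the body only calls `CMS.debug(...)` even though the comment says `// raise exception`. createRequests() then calls `result[i].setExtData(...)` on the returned value, so a failed request creation shows up as a NullPointerException instead of a profile error. The method already declares `throws EProfileException`, so the catch could end with `throw new EProfileException(e.toString());`. The opening lines of the method are in the previous hunk.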
@@ -309,35 +301,34 @@ public abstract class EnrollProfile extends BasicProfile } /** - * This method is called after the user submits the - * request from the end-entity page. + * This method is called after the user submits the request from the + * end-entity page. */ public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { + throws EDeferException, EProfileException { // Request Submission Logic: // // if (Authentication Failed) { - // return Error + // return Error + // } else { + // if (No Auth Token) { + // queue request // } else { - // if (No Auth Token) { - // queue request - // } else { - // process request - // } + // process request + // } // } - IAuthority authority = (IAuthority) - getAuthority(); + IAuthority authority = (IAuthority) getAuthority(); IRequestQueue queue = authority.getRequestQueue(); - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } + // this profile queues request that is authenticated + // by NoAuth + try { + queue.updateRequest(request); + } catch (EBaseException e) { + // save request to disk + CMS.debug("EnrollProfile: Update request " + e.toString()); + } if (token == null) { CMS.debug("EnrollProfile: auth token is null"); @@ -346,7 +337,8 @@ public abstract class EnrollProfile extends BasicProfile try { queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("EnrollProfile: Update request (after validation) " + e.toString()); + CMS.debug("EnrollProfile: Update request (after validation) " + + e.toString()); } throw new EDeferException("defer request"); 
@@ -360,12 +352,12 @@ public abstract class EnrollProfile extends BasicProfile } public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCMC() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCMC(): " + certreq); 
@@ -375,22 +367,24 @@ public abstract class EnrollProfile extends BasicProfile String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(data); - - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); + ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(data); + + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo + .getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq + .getInterpretedContent(); + org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq + .getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + + ByteArrayInputStream s = new ByteArrayInputStream( + content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); mCMCData = pkiData; - //PKIData pkiData = (PKIData) - // (new PKIData.Template()).decode(cmcBlobIn); + // PKIData pkiData = (PKIData) + // (new PKIData.Template()).decode(cmcBlobIn); SEQUENCE controlSeq = pkiData.getControlSequence(); int numcontrols = controlSeq.size(); SEQUENCE reqSeq = pkiData.getReqSequence(); 
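Review bot: `mCMCData = pkiData;` stores per-request CMC data in an instance field, which verifyPOPLinkWitness() and verifyIdentityProof() later pass to `tokenClass.getSharedToken(mCMCData)`. If one profile instance serves concurrent requests (not shown here, worth confirming), a second parseCMC() call can overwrite the field before the first request's proof is checked, so the shared secret would be looked up for the wrong request. Passing `pkiData` as a parameter to the two verify methods would remove that shared state. Also consider trimming `CMS.debug("EnrollProfile: Start parseCMC(): " + certreq)` in the previous hunk, which writes the whole submitted request to the debug log. parseCMC() starts and ends outside this hunk.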
@@ -400,22 +394,24 @@ public abstract class EnrollProfile extends BasicProfile if (numcontrols > 0) { context.put("numOfControls", Integer.valueOf(numcontrols)); TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i=0; i<numcontrols; i++) { - attributes[i] = (TaggedAttribute)controlSeq.elementAt(i); + for (int i = 0; i < numcontrols; i++) { + attributes[i] = (TaggedAttribute) controlSeq + .elementAt(i); OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); + boolean valid = verifyIdentityProof(attributes[i], + reqSeq); if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); + SEQUENCE bpids = getRequestBpids(reqSeq); context.put("identityProof", bpids); return null; } - } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { + } else if (oid + .equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { SET vals = attributes[i].getValues(); - OCTET_STRING ostr = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING ostr = (OCTET_STRING) (ASN1Util + .decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); randomSeed = ostr.toByteArray(); } else { context.put(attributes[i].getType(), attributes[i]); 
@@ -423,18 +419,19 @@ public abstract class EnrollProfile extends BasicProfile } } } - + SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); int numOtherMsgs = otherMsgSeq.size(); if (!context.containsKey("numOfOtherMsgs")) { context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i=0; i<numOtherMsgs; i++) { - OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg"+i, omsg); + for (int i = 0; i < numOtherMsgs; i++) { + OtherMsg omsg = (OtherMsg) (ASN1Util.decode( + OtherMsg.getTemplate(), + ASN1Util.encode(otherMsgSeq.elementAt(i)))); + context.put("otherMsg" + i, omsg); } } - + int nummsgs = reqSeq.size(); if (nummsgs > 0) { msgs = new TaggedRequest[reqSeq.size()]; @@ -444,10 +441,11 @@ public abstract class EnrollProfile extends BasicProfile msgs[i] = (TaggedRequest) reqSeq.elementAt(i); if (!context.containsKey("POPLinkWitness")) { if (randomSeed != null) { - valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); + valid = verifyPOPLinkWitness(randomSeed, msgs[i], + bpids); if (!valid || bpids.size() > 0) { context.put("POPLinkWitness", bpids); - return null; + return null; } } } @@ -458,13 +456,13 @@ public abstract class EnrollProfile extends BasicProfile return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCMC " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } } private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { + SEQUENCE bpids) { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; 
@@ -479,15 +477,15 @@ public abstract class EnrollProfile extends BasicProfile } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } @@ -496,7 +494,7 @@ public abstract class EnrollProfile extends BasicProfile String sharedSecret = null; if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { + if (req.getType().equals(TaggedRequest.PKCS10)) { TaggedCertificationRequest tcr = req.getTcr(); if (!sharedSecretFound) { bpids.addElement(tcr.getBodyPartID()); 
@@ -505,25 +503,27 @@ public abstract class EnrollProfile extends BasicProfile CertificationRequest creq = tcr.getCertificationRequest(); CertificationRequestInfo cinfo = creq.getInfo(); SET attrs = cinfo.getAttributes(); - for (int j=0; j<attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute)attrs.elementAt(j); - if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + for (int j = 0; j < attrs.size(); j++) { + Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); + if (pkcs10Attr.getType().equals( + OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { SET witnessVal = pkcs10Attr.getValues(); if (witnessVal.size() > 0) { try { - OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal.elementAt(0)))); + OCTET_STRING str = (OCTET_STRING) (ASN1Util + .decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(witnessVal + .elementAt(0)))); bv = str.toByteArray(); return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); } catch (InvalidBERException ex) { return false; } } - } + } } - + return false; } } else if (req.getType().equals(TaggedRequest.CRMF)) { @@ -537,14 +537,15 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + if (ava.getOID().equals( + OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { ASN1Value value = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); + ASN1Util.encode(value)); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING) - (new OCTET_STRING.Template()).decode(bis); + ostr = (OCTET_STRING) (new OCTET_STRING.Template()) + .decode(bis); bv = ostr.toByteArray(); } catch (Exception e) { bpids.addElement(reqId); 
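Review bot: `sharedSecret.getBytes()` is called with no null check and with the platform default charset, both here in the PKCS10 branch and in the CRMF branch (`@@ -552` hunk). `sharedSecret` stays `null` when `tokenClass` is null, and may also be null if `getSharedToken(mCMCData)` finds no token (its contract is not visible); the resulting NullPointerException is not covered by `catch (InvalidBERException ex)`. I would reject explicitly before the loop, e.g. `if (sharedSecret == null) { bpids.addElement(tcr.getBodyPartID()); return false; }`, and pass an explicit charset to `getBytes` so the HMAC key does not depend on the JVM's locale settings. The method starts before this hunk.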
@@ -552,7 +553,7 @@ public abstract class EnrollProfile extends BasicProfile } boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); if (!valid) { bpids.addElement(reqId); return valid; @@ -571,7 +572,7 @@ public abstract class EnrollProfile extends BasicProfile MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); key = SHA1Digest.digest(sharedSecret); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -582,7 +583,7 @@ public abstract class EnrollProfile extends BasicProfile hmacDigest.update(text); finalDigest = hmacDigest.digest(); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -591,9 +592,9 @@ public abstract class EnrollProfile extends BasicProfile return false; } - for (int j=0; j<bv.length; j++) { + for (int j = 0; j < bv.length; j++) { if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); + CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; } } 
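Review bot: The digest check in the last hunk on this line (`@@ -591,9 +592,9 @@`) compares `bv` with `finalDigest` in a byte loop that returns at the first mismatch, so its running time depends on how many leading bytes of the submitted POP link witness are correct. A MAC should be compared in constant time, and `MessageDigest` is already in use a few lines up in the same method. Replace the loop with `if (!MessageDigest.isEqual(bv, finalDigest))` around the existing `CMS.debug(...)` call and `return false;`. That call also covers unequal lengths, which the check just before the loop appears to handle today. The enclosing method starts and ends outside this hunk.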
@@ -635,23 +636,24 @@ public abstract class EnrollProfile extends BasicProfile else { ISharedToken tokenClass = null; try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); return false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); return false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); return false; } - + String token = tokenClass.getSharedToken(mCMCData); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + ostr = (OCTET_STRING) (ASN1Util.decode( + OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug("EnrollProfile: Failed to decode the byte value."); return false; 
@@ -663,35 +665,33 @@ public abstract class EnrollProfile extends BasicProfile } } - public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, - IRequest req) - throws EProfileException { + public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, + X509CertInfo info, IRequest req) throws EProfileException { TaggedRequest.Type type = tagreq.getType(); - if (type.equals(TaggedRequest.PKCS10)) { + if (type.equals(TaggedRequest.PKCS10)) { try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + TaggedCertificationRequest tcr = tagreq.getTcr(); + CertificationRequest p10 = tcr.getCertificationRequest(); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - p10.encode(ostream); + p10.encode(ostream); PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); req.setExtData("bodyPartId", tcr.getBodyPartID()); fillPKCS10(locale, pkcs10, info, req); } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + - e.toString()); + CMS.debug("EnrollProfile: fillTaggedRequest " + e.toString()); } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); + } else if (type.equals(TaggedRequest.CRMF)) { + CertReqMsg crm = tagreq.getCrm(); SessionContext context = SessionContext.getContext(); - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); // check if the LRA POP Witness Control attribute exists if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { parseLRAPopWitness(locale, crm, attr); } else { 
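Review bot: In the PKCS10 branch of fillTaggedRequest, the `catch (Exception e)` only writes a debug line. A failure in `p10.encode(ostream)`, the `PKCS10` constructor or `fillPKCS10` is therefore dropped, and the method returns normally with `info` and `req` possibly unpopulated. The CRMF branch calls `parseLRAPopWitness` with no such catch, so its `EProfileException` reaches the caller. The PKCS10 branch should behave the same way, for example by adding `throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));` after the `CMS.debug` call. The method body continues past the end of this hunk, so whether a later step catches the incomplete request is not visible here.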
@@ -705,53 +705,58 @@ public abstract class EnrollProfile extends BasicProfile fillCertReqMsg(locale, crm, info, req); } else { - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } } - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { + private void parseLRAPopWitness(Locale locale, CertReqMsg crm, + TaggedAttribute attr) throws EProfileException { SET vals = attr.getValues(); boolean donePOP = false; INTEGER reqId = null; if (vals.size() > 0) { LraPopWitness lraPop = null; try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode( + LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); reqId = crm.getCertReq().getCertReqId(); - for (int i=0; i<bodyIds.size(); i++) { - INTEGER num = (INTEGER)(bodyIds.elementAt(i)); + for (int i = 0; i < bodyIds.size(); i++) { + INTEGER num = (INTEGER) (bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: " + + reqId.toString() + + " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: " + + reqId.toString() + + " because this request id is 
not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCRMF() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq); @@ -759,11 +764,9 @@ public abstract class EnrollProfile extends BasicProfile String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(data); - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new - CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(data); + SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( + new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); if (nummsgs <= 0) 
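Review bot: In parseLRAPopWitness (the hunk starting at `@@ -705,53 +705,58 @@`), `reqId` is assigned only inside `if (vals.size() > 0)`, but the `if (!donePOP)` branch calls `reqId.toString()` while building its debug message. An LRA POP witness attribute with an empty value set therefore raises a NullPointerException before `verifyPOP(locale, crm)` runs, instead of taking the normal verification path. Moving `reqId = crm.getCertReq().getCertReqId();` above the `if (vals.size() > 0)` test keeps the log line intact and lets POP verification run and fail through `EProfileException`.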
@@ -775,24 +778,23 @@ public abstract class EnrollProfile extends BasicProfile return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCRMF " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } } - private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = - new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4} - ); + private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = new OBJECT_IDENTIFIER( + new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }); - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); + protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { + ASN1Value archVal = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); + ASN1Util.encode(archVal)); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) - (new PKIArchiveOptions.Template()).decode(bis); + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) + .decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); } 
@@ -803,22 +805,21 @@ public abstract class EnrollProfile extends BasicProfile ByteArrayInputStream bis = new ByteArrayInputStream(options); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) - (new PKIArchiveOptions.Template()).decode(bis); + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) + .decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); } return archOpts; } - public byte[] toByteArray(PKIArchiveOptions options) { + public byte[] toByteArray(PKIArchiveOptions options) { return ASN1Util.encode(options); } - public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, - IRequest req) - throws EProfileException { + public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, + X509CertInfo info, IRequest req) throws EProfileException { try { CMS.debug("Start parseCertReqMsg "); CertRequest certReq = certReqMsg.getCertReq(); @@ -827,12 +828,11 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { + if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { PKIArchiveOptions opt = getPKIArchiveOptions(ava); - //req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, - toByteArray(opt)); + // req.set(REQUEST_ARCHIVE_OPTIONS, opt); + req.setExtData(REQUEST_ARCHIVE_OPTIONS, toByteArray(opt)); } } 
@@ -849,23 +849,24 @@ public abstract class EnrollProfile extends BasicProfile key.decode(keybytes); // XXX - kmccarth - this may simply undo the decoding above - // but for now it's unclear whether X509Key - // changest the format when decoding. + // but for now it's unclear whether X509Key + // changest the format when decoding. CertificateX509Key certKey = new CertificateX509Key(key); ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); certKey.encode(certKeyOut); req.setExtData(REQUEST_KEY, certKeyOut.toByteArray()); // parse validity - if (certTemplate.getNotBefore() != null || - certTemplate.getNotAfter() != null) { - CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); - CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null + || certTemplate.getNotAfter() != null) { + CMS.debug("EnrollProfile: requested notBefore: " + + certTemplate.getNotBefore()); + CMS.debug("EnrollProfile: requested notAfter: " + + certTemplate.getNotAfter()); CMS.debug("EnrollProfile: current CA time: " + new Date()); CertificateValidity certValidity = new CertificateValidity( certTemplate.getNotBefore(), certTemplate.getNotAfter()); - ByteArrayOutputStream certValidityOut = - new ByteArrayOutputStream(); + ByteArrayOutputStream certValidityOut = new ByteArrayOutputStream(); certValidity.encode(certValidityOut); req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray()); } else { 
@@ -875,31 +876,32 @@ public abstract class EnrollProfile extends BasicProfile // parse subject if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - //info.set(X509CertInfo.SUBJECT, - // new CertificateSubjectName(subject)); + // info.set(X509CertInfo.SUBJECT, + // new CertificateSubjectName(subject)); req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject)); try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = subject.getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = subject.getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } } @@ -908,11 +910,11 @@ public abstract class EnrollProfile extends BasicProfile // try { extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS); - // } catch (CertificateException e) { - // extensions = null; + // } catch (CertificateException e) { + // extensions = null; // } catch (IOException e) { - // extensions = null; - // } + // extensions = null; + // } if (certTemplate.hasExtensions()) { // put each extension from CRMF into CertInfo. // index by extension name, consistent with 
@@ -922,57 +924,54 @@ public abstract class EnrollProfile extends BasicProfile int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = certTemplate + .extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext + .getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext + .getExtnValue(); + ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - // info.set(X509CertInfo.EXTENSIONS, extensions); + // info.set(X509CertInfo.EXTENSIONS, extensions); req.setExtData(REQUEST_EXTENSIONS, extensions); } } catch (IOException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } catch (InvalidKeyException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: fillCertReqMsg 
" + e.toString()); - // throw new EProfileException(e.toString()); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); + // } catch (CertificateException e) { + // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + // throw new EProfileException(e.toString()); } } public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile:parsePKCS10() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("Start parsePKCS10(): " + certreq); @@ -988,17 +987,20 @@ public abstract class EnrollProfile extends BasicProfile try { cm = CryptoManager.getInstance(); - sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true); + sigver = CMS.getConfigStore().getBoolean( + "ca.requestVerify.enabled", true); if (sigver) { CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled"); - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString( + "ca.requestVerify.token", "internal"); savedToken = cm.getThreadToken(); CryptoToken signToken = null; if (tokenName.equals("internal")) { CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName); + CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + + tokenName); signToken = cm.getTokenByName(tokenName); } CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); 
@@ -1010,8 +1012,8 @@ public abstract class EnrollProfile extends BasicProfile } } catch (Exception e) { CMS.debug("EnrollProfile: parsePKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } finally { if (sigver) { CMS.debug("EnrollProfile: parsePKCS10 restoring thread token"); @@ -1022,8 +1024,8 @@ public abstract class EnrollProfile extends BasicProfile return pkcs10; } - public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) - throws EProfileException { + public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, + IRequest req) throws EProfileException { X509Key key = pkcs10.getSubjectPublicKeyInfo(); try { 
@@ -1035,36 +1037,41 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName())); try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = pkcs10.getSubjectName().getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } info.set(X509CertInfo.KEY, certKey); PKCS10Attributes p10Attrs = pkcs10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); - if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension"); - Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs + .getAttribute(CertificateExtensions.NAME)); + if (p10Attr != null + && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + CMS.debug("Found PKCS10 extension"); + Extensions exts0 = (Extensions) (p10Attr + .getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions(extIn); + 
CertificateExtensions exts = new CertificateExtensions( + extIn); if (exts != null) { CMS.debug("Set extensions " + exts); // info.set(X509CertInfo.EXTENSIONS, exts); 
@@ -1072,75 +1079,73 @@ public abstract class EnrollProfile extends BasicProfile } } else { CMS.debug("PKCS10 extension Not Found"); - } - } + } + } CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } } + // for netkey + public void fillNSNKEY(Locale locale, String sn, String skey, + X509CertInfo info, IRequest req) throws EProfileException { - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + try { + // cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("screenname", sn); + // keeping "aoluid" to be backward compatible + req.setExtData("aoluid", sn); + req.setExtData("uid", sn); + CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); - try { - //cfu - is the algorithm going to be replaced by the policy? 
- X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } + } - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + // for house key + public void fillNSHKEY(Locale locale, String tcuid, String skey, + X509CertInfo info, IRequest req) throws EProfileException { - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); - - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } + try { + // cfu - is the algorithm going to be replaced by the policy? 
+ X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("tokencuid", tcuid); + CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); + + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); + } + } public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { byte data[] = CMS.AtoB(certreq); DerInputStream derIn = new DerInputStream(data); @@ -1148,9 +1153,8 @@ public abstract class EnrollProfile extends BasicProfile return derIn; } - public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req - ) - throws EProfileException { + public void fillKeyGen(Locale locale, DerInputStream derIn, + X509CertInfo info, IRequest req) throws EProfileException { try { /* get SPKAC Algorithm & Signature */ @@ -1180,12 +1184,12 @@ public abstract class EnrollProfile extends BasicProfile info.set(X509CertInfo.KEY, certKey); } catch (IOException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_PROFILE_INVALID_REQUEST")); } } 
@@ -1220,8 +1224,8 @@ public abstract class EnrollProfile extends BasicProfile public Locale getLocale(IRequest request) { Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); + String language = request + .getExtDataInString(EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -1231,37 +1235,36 @@ public abstract class EnrollProfile extends BasicProfile /** * Populate input * <P> - * + * * (either all "agent" profile cert requests NOT made through a connector, - * or all "EE" profile cert requests NOT made through a connector) + * or all "EE" profile cert requests NOT made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) * </ul> + * * @param ctx profile context * @param request the certificate request * @exception EProfileException an error related to this profile has - * occurred + * occurred */ public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { super.populateInput(ctx, request); } - public void populate(IRequest request) - throws EProfileException { + public void populate(IRequest request) throws EProfileException { super.populate(request); } /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. + * Passes the request to the set of constraint policies that validate the + * request against the profile. */ - public void validate(IRequest request) - throws ERejectException { + public void validate(IRequest request) throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); 
@@ -1273,28 +1276,25 @@ public abstract class EnrollProfile extends BasicProfile X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (sn != null) { subject = sn.toString(); if (subject != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, + ILogger.SUCCESS, auditRequesterID, auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (CertificateException e) { @@ -1302,12 +1302,9 @@ public abstract class EnrollProfile extends BasicProfile // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, + ILogger.FAILURE, auditRequesterID, auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (IOException e) { 
@@ -1315,12 +1312,9 @@ public abstract class EnrollProfile extends BasicProfile // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, + ILogger.FAILURE, auditRequesterID, auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } @@ -1337,8 +1331,8 @@ public abstract class EnrollProfile extends BasicProfile if (key == null) { Locale locale = getLocale(request); - throw new ERejectException(CMS.getUserMessage( - locale, "CMS_PROFILE_EMPTY_KEY")); + throw new ERejectException(CMS.getUserMessage(locale, + "CMS_PROFILE_EMPTY_KEY")); } try { @@ -1350,12 +1344,11 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Requester ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "RequesterID" for a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1381,12 +1374,11 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "ProfileID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { 
@@ -1407,7 +1399,7 @@ public abstract class EnrollProfile extends BasicProfile } public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { + throws EProfileException { CMS.debug("EnrollProfile ::in verifyPOP"); String auditMessage = null; @@ -1426,37 +1418,35 @@ public abstract class EnrollProfile extends BasicProfile try { CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString( + "ca.requestVerify.token", "internal"); if (tokenName.equals("internal")) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + "CMS_POP_VERIFICATION_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java index 199aa7943..972412f7e 100644 
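Review bot: The `catch (Exception e)` in `verifyPOP` also covers the config lookup, `CryptoManager.getInstance()` and `cm.getTokenByName(tokenName)`, so a missing or misnamed `ca.requestVerify.token` is written to the signed audit log as a proof-of-possession FAILURE for `auditSubjectID`. Failing closed is right, but in the audit trail a server misconfiguration then looks the same as a requester who could not prove key possession. I would resolve the token before the `try` that wraps `certReqMsg.verify(...)`, or catch the setup errors separately and report them without the POP audit event. At minimum, a comment such as `// NOTE: also reached on token/config errors, not only on a bad POP signature` documents the ambiguity. The method signature is in the preceding hunk on this line.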
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IProfileContext; - /** - * This class implements an enrollment profile context - * that carries information for request creation. - * + * This class implements an enrollment profile context that carries information + * for request creation. + * * @version $Revision$, $Date$ */ -public class EnrollProfileContext extends ProfileContext - implements IProfileContext { +public class EnrollProfileContext extends ProfileContext implements + IProfileContext { } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java index 147d9c820..7a275b1e6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java @@ -17,15 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Hashtable; import com.netscape.certsrv.profile.IProfileContext; - /** * This class implements the profile context. - * + * * @version $Revision$, $Date$ */ public class ProfileContext implements IProfileContext { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java index a0f0ed250..a7895746f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java 
@@ -17,17 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a profile policy that - * contains a default policy and a constraint - * policy. - * + * This class implements a profile policy that contains a default policy and a + * constraint policy. + * * @version $Revision$, $Date$ */ public class ProfilePolicy implements IProfilePolicy { @@ -35,7 +32,8 @@ public class ProfilePolicy implements IProfilePolicy { private IPolicyDefault mDefault = null; private IPolicyConstraint mConstraint = null; - public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) { + public ProfilePolicy(String id, IPolicyDefault def, + IPolicyConstraint constraint) { mId = id; mDefault = def; mConstraint = constraint; diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java index f82e73138..b00ac56b9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -35,11 +34,9 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; - /** - * This class implements a Registration Manager - * enrollment profile. - * + * This class implements a Registration Manager enrollment profile. + * * @version $Revision$, $Date$ */ public class RAEnrollProfile extends EnrollProfile { 
@@ -49,8 +46,7 @@ public class RAEnrollProfile extends EnrollProfile { } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (authority == null) return null; @@ -58,31 +54,27 @@ public class RAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); X500Name issuerName = ra.getX500Name(); return issuerName; } - public void execute(IRequest request) - throws EProfileException { - + public void execute(IRequest request) throws EProfileException { if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); } - IRegistrationAuthority ra = - (IRegistrationAuthority) getAuthority(); + IRegistrationAuthority ra = (IRegistrationAuthority) getAuthority(); IRAService raService = (IRAService) ra.getRAService(); if (raService == null) { throw new EProfileException("No RA Service"); } - IRequestQueue queue = ra.getRequestQueue(); // send request to CA @@ -94,15 +86,16 @@ public class RAEnrollProfile extends EnrollProfile { } else { caConnector.send(request); // check response - if (!request.isSuccess()) { + if (!request.isSuccess()) { CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); request.setRequestStatus(RequestStatus.SVC_PENDING); try { - queue.updateRequest(request); + queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("RAEnrollProfile: Update request " + e.toString()); + CMS.debug("RAEnrollProfile: Update request " + + e.toString()); } throw new ERejectException( request.getError(getLocale(request))); 
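Review bot: In `execute` (hunk -58,31) `ra` is dereferenced without a null check, although `getAuthority()` in the first hunk visibly returns null when the RA subsystem is absent; `ra.getRAService()` follows the cast directly, and `getIssuerName()` does the same with `ra.getX500Name()`. A missing subsystem then surfaces as a NullPointerException instead of the `EProfileException` that `execute` declares. I would add `if (ra == null) { throw new EProfileException("No RA Subsystem"); }` before the `getRAService()` call. The debug line in the same method logs `CAEnrollProfile: Profile Not Enabled` from inside `RAEnrollProfile`, which misattributes the event in the logs; `RAEnrollProfile: Profile Not Enabled` would match the other messages here. `execute` continues past the end of these hunks.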
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index 4a18ff14d..7d6508644 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -28,91 +27,86 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for Server Certificates. - * + * This class implements a Certificate Manager enrollment profile for Server + * Certificates. + * * @version $Revision$, $Date$ */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class ServerCertCAEnrollProfile extends CAEnrollProfile implements + IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", + inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = createProfileInput("i2", + "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", + outputParams1); - IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore 
conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg", "-"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + 
"SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","true"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); - IPolicyConstraint con5 = policy5.getConstraint(); + IProfilePolicy policy5 = createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); + IPolicyDefault def5 = policy5.getDefault(); + IConfigStore defConfig5 = def5.getConfigStore(); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "true"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); + IPolicyConstraint con5 = 
policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 7d4254bff..833f0f109 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
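Review bot: The defaults written in `populate()` permit weak cryptography: `params.keyMinLength` is set to `512` and `params.signingAlgsAllowed` still lists `MD5withRSA` and `MD2withRSA`. Every policy in this method is paired with `noConstraintImpl`, so nothing visible here rejects such a request. In a follow-up I would raise the floor and drop the broken digests, e.g. `defConfig3.putString("params.keyMinLength", "2048");` and an allowed list without the MD2/MD5 entries (SHA1 is worth reviewing too); `UserCertCAEnrollProfile.populate()` in the next file carries the same values. As a style point, the formatter broke the call after `defConfig4` and again after `.putString(`; hoisting the algorithm list into a `private static final String` constant would keep the call on one line.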
@@ -28,94 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** - * This class implements a Certificate Manager enrollment - * profile for User Certificates. - * + * This class implements a Certificate Manager enrollment profile for User + * Certificates. + * * @version $Revision$, $Date$ */ -public class UserCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class UserCertCAEnrollProfile extends CAEnrollProfile implements + IProfileEx { /** - * Called after initialization. It populates default - * policies, inputs, and outputs. + * Called after initialization. It populates default policies, inputs, and + * outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = - createProfileInput("i1", "keyGenInputImpl", inputParams1); + IProfileInput input1 = createProfileInput("i1", "keyGenInputImpl", + inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = - createProfileInput("i2", "subjectNameInputImpl", inputParams2); + IProfileInput input2 = createProfileInput("i2", "subjectNameInputImpl", + inputParams2); NameValuePairs inputParams3 = new NameValuePairs(); - IProfileInput input3 = - createProfileInput("i3", "submitterInfoInputImpl", inputParams2); + IProfileInput input3 = createProfileInput("i3", + "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", + outputParams1); // create policies - IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - IPolicyDefault def1 = 
policy1.getDefault(); - IConfigStore defConfig1 = def1.getConfigStore(); - IPolicyConstraint con1 = policy1.getConstraint(); + IProfilePolicy policy1 = createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); + IPolicyDefault def1 = policy1.getDefault(); + IConfigStore defConfig1 = def1.getConfigStore(); + IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); - IPolicyConstraint con2 = policy2.getConstraint(); + IProfilePolicy policy2 = createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); + IPolicyDefault def2 = policy2.getDefault(); + IConfigStore defConfig2 = def2.getConfigStore(); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); + IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); - IPolicyConstraint con3 = policy3.getConstraint(); + IProfilePolicy policy3 = createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); + IPolicyDefault def3 = policy3.getDefault(); + IConfigStore defConfig3 = def3.getConfigStore(); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); + IPolicyConstraint con3 = 
policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - IPolicyConstraint con4 = policy4.getConstraint(); + IProfilePolicy policy4 = createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); + IPolicyDefault def4 = policy4.getDefault(); + IConfigStore defConfig4 = def4.getConfigStore(); + defConfig4.putString("params.signingAlg", "-"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - 
defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java index 4e4c2f603..8c9fd70d6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; 
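Review bot: `input3` is created with `inputParams2` rather than the `inputParams3` declared on the line above it: `createProfileInput("i3", "submitterInfoInputImpl", inputParams2)`. Both objects are empty here, so the effect depends on whether `createProfileInput` keeps a reference to the pairs it receives, which this hunk does not show. If it does, inputs `i2` and `i3` share one parameter object and a later change to one shows up in the other. The call should read `createProfileInput("i3", "submitterInfoInputImpl", inputParams3);`, which also removes the otherwise unused local.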
@@ -40,24 +39,18 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the basic constraints extension constraint. - * It checks if the basic constraint in the certificate - * template satisfies the criteria. - * + * This class implements the basic constraints extension constraint. It checks + * if the basic constraint in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtConstraint extends EnrollConstraint { - public static final String CONFIG_CRITICAL = - "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = - "basicConstraintsIsCA"; - public static final String CONFIG_MIN_PATH_LEN = - "basicConstraintsMinPathLen"; - public static final String CONFIG_MAX_PATH_LEN = - "basicConstraintsMaxPathLen"; + public static final String CONFIG_CRITICAL = "basicConstraintsCritical"; + public static final String CONFIG_IS_CA = "basicConstraintsIsCA"; + public static final String CONFIG_MIN_PATH_LEN = "basicConstraintsMinPathLen"; + public static final String CONFIG_MAX_PATH_LEN = "basicConstraintsMaxPathLen"; public BasicConstraintsExtConstraint() { super(); 
@@ -71,50 +64,42 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { * Initializes this constraint plugin. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_MIN_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN")); } else if (name.equals(CONFIG_MAX_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "100", + return new Descriptor(IDescriptor.INTEGER, null, "100", CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. 
*/ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateExtensions exts = null; try { - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), - info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } // check criticality 
@@ -124,67 +109,66 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { boolean critical = getBoolean(value); if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } value = getConfig(CONFIG_IS_CA); if (!isOptional(value)) { boolean isCA = getBoolean(value); - Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); + Boolean extIsCA = (Boolean) ext + .get(BasicConstraintsExtension.IS_CA); if (isCA != extIsCA.booleanValue()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); } - } + } value = getConfig(CONFIG_MIN_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); - Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); + Integer extPathLen = (Integer) ext + .get(BasicConstraintsExtension.PATH_LEN); if (pathLen > extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen); + CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + + pathLen + " > extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); } } value = getConfig(CONFIG_MAX_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); - Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); + Integer extPathLen = (Integer) ext + .get(BasicConstraintsExtension.PATH_LEN); if (pathLen < extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " 
< extPathLen=" + extPathLen); + CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + + pathLen + " < extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); } } } catch (IOException e) { CMS.debug("BasicConstraintsExt: validate " + e.toString()); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), - getConfig(CONFIG_MIN_PATH_LEN), - getConfig(CONFIG_MAX_PATH_LEN) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", - params); + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_IS_CA), getConfig(CONFIG_MIN_PATH_LEN), + getConfig(CONFIG_MAX_PATH_LEN) }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { 
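Review bot: The path-length checks in `validate` compare the configured bound with `extPathLen.intValue()` directly, so the result depends on how the extension reports an absent pathLenConstraint. If `BasicConstraintsExtension.PATH_LEN` yields a negative sentinel for "no limit" (the `-1` default for `CONFIG_MIN_PATH_LEN` in `getConfigDescriptor` suggests this, but it needs confirming), then `pathLen < extPathLen.intValue()` is false and a CA template with an unlimited path length passes the maximum check. I would handle that case explicitly, e.g. `if (extPathLen.intValue() < 0 || pathLen < extPathLen.intValue())` before rejecting on the max bound. `extIsCA` and `extPathLen` are also unboxed without a null check, so a null from `ext.get(...)` would escape as a NullPointerException rather than an `ERejectException`. The start of `validate` is in the previous hunk.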
@@ -197,19 +181,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { return false; } - public void setConfig(String name, String value) - throws EPropertyException { - + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null"); // } else { - CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value); + CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + + value); - if(name.equals(CONFIG_MAX_PATH_LEN)) - { + if (name.equals(CONFIG_MAX_PATH_LEN)) { String minPathLen = getConfig(CONFIG_MIN_PATH_LEN); @@ -217,13 +199,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { int maxLen = getInt(value); - if(minLen >= maxLen) { + if (minLen >= maxLen) { CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!"); throw new EPropertyException("bad value"); } - } mConfig.getSubStore("params").putString(name, value); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index 9759af73d..8b2eab44b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java @@ -17,16 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** - * This class represents an abstract class for CA enrollment - * constraint. + * This class represents an abstract class for CA enrollment constraint. */ public abstract class CAEnrollConstraint extends EnrollConstraint { 
@@ -41,8 +38,8 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { * Retrieves the CA certificate. */ public X509CertImpl getCACert() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); return caCert; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index 4d89e7391..17c6c34f5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template is within the CA's validity. - * + * This class implements the validity constraint. It checks if the validity in + * the certificate template is within the CA's validity. + * * @version $Revision$, $Date$ */ public class CAValidityConstraint extends CAEnrollConstraint { @@ -56,7 +53,7 @@ public class CAValidityConstraint extends CAEnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); X509CertImpl caCert = getCACert(); 
@@ -65,19 +62,18 @@ public class CAValidityConstraint extends CAEnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("CAValidityConstraint: validate start"); CertificateValidity v = null; try { v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_VALIDITY_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notBefore = null; @@ -85,8 +81,8 @@ public class CAValidityConstraint extends CAEnrollConstraint { notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE); } catch (IOException e) { CMS.debug("CAValidity: not before " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_NOT_BEFORE")); } Date notAfter = null; 
@@ -94,37 +90,33 @@ public class CAValidityConstraint extends CAEnrollConstraint { notAfter = (Date) v.get(CertificateValidity.NOT_AFTER); } catch (IOException e) { CMS.debug("CAValidity: not after " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_NOT_AFTER")); } if (mDefNotBefore != null) { - CMS.debug("ValidtyConstraint: notBefore=" + notBefore + - " defNotBefore=" + mDefNotBefore); + CMS.debug("ValidtyConstraint: notBefore=" + notBefore + + " defNotBefore=" + mDefNotBefore); if (notBefore.before(mDefNotBefore)) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); + getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); } } - CMS.debug("ValidtyConstraint: notAfter=" + notAfter + - " defNotAfter=" + mDefNotAfter); + CMS.debug("ValidtyConstraint: notAfter=" + notAfter + " defNotAfter=" + + mDefNotAfter); if (notAfter.after(mDefNotAfter)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_NOT_AFTER")); } CMS.debug("CAValidtyConstraint: validate end"); } public String getText(Locale locale) { - String params[] = { - mDefNotBefore.toString(), - mDefNotAfter.toString() - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", - params); + String params[] = { mDefNotBefore.toString(), mDefNotAfter.toString() }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java index 0723a72c3..a4d1e4d91 100644 
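Review bot: `validate` guards the lower bound with `if (mDefNotBefore != null)` but calls `notAfter.after(mDefNotAfter)` with no matching guard, and `getText` calls `toString()` on both fields unconditionally. If `init` did not obtain the CA certificate's validity (its body is outside this hunk, and `validate` itself starts in the previous one), the upper-bound check ends in a NullPointerException rather than an `ERejectException`. Whether the caller treats that as a rejection is not visible here. For a constraint whose purpose is keeping issued certificates inside the CA's validity, the failure should be an explicit rejection, for example `if (mDefNotAfter == null || notAfter == null || notAfter.after(mDefNotAfter)) {` in front of the existing `throw new ERejectException(...)`.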
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the generic enrollment constraint. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollConstraint implements IPolicyConstraint { @@ -72,16 +70,15 @@ public abstract class EnrollConstraint implements IPolicyConstraint { public Locale getLocale(IRequest request) { Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); + String language = request + .getExtDataInString(EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } return locale; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { 
@@ -105,46 +102,42 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } public IConfigStore getConfigStore() { return mConfig; - } + } /** - * Validates the request. The request is not modified - * during the validation. - * + * Validates the request. The request is not modified during the validation. + * * @param request enrollment request * @param info certificate template - * @exception ERejectException request is rejected due - * to violation of constraint + * @exception ERejectException request is rejected due to violation of + * constraint */ public abstract void validate(IRequest request, X509CertInfo info) - throws ERejectException; + throws ERejectException; /** - * Validates the request. The request is not modified - * during the validation. - * - * The current implementation of this method calls - * into the subclass's validate(request, info) - * method for validation checking. - * + * Validates the request. The request is not modified during the validation. + * + * The current implementation of this method calls into the subclass's + * validate(request, info) method for validation checking. + * * @param request request - * @exception ERejectException request is rejected due - * to violation of constraint + * @exception ERejectException request is rejected due to violation of + * constraint */ - public void validate(IRequest request) - throws ERejectException { + public void validate(IRequest request) throws ERejectException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": validate start"); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); validate(request, info); 
@@ -168,8 +161,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint { CertificateExtensions exts = null; try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollConstraint: getExtension " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java index 539f4890f..88cfb5422 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -40,19 +39,17 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the extended key usage extension constraint. - * It checks if the extended key usage extension in the certificate - * template satisfies the criteria. - * + * This class implements the extended key usage extension constraint. It checks + * if the extended key usage extension in the certificate template satisfies the + * criteria. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; - public static final String CONFIG_OIDS = - "exKeyUsageOIDs"; + public static final String CONFIG_OIDS = "exKeyUsageOIDs"; public ExtendedKeyUsageExtConstraint() { super(); 
@@ -61,38 +58,33 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } + } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + throws ERejectException { + ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - ExtendedKeyUsageExtension.OID)); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + ExtendedKeyUsageExtension.OID)); } // check criticality 
@@ -102,12 +94,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { boolean critical = getBoolean(value); if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } // Build local cache of configured OIDs Vector mCache = new Vector(); @@ -122,28 +112,22 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { // check OIDs Enumeration e = ext.getOIDs(); - while (e.hasMoreElements()) { + while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); if (!mCache.contains(oid.toString())) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OID_NOT_MATCHED", - oid.toString())); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_OID_NOT_MATCHED", + oid.toString())); } } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OIDS) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", - params); + String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java index cda51a07c..5680648cd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.Extension; @@ -37,12 +36,10 @@ import com.netscape.cms.profile.def.EnrollExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the general extension constraint. - * It checks if the extension in the certificate - * template satisfies the criteria. - * + * This class implements the general extension constraint. It checks if the + * extension in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ExtensionConstraint extends EnrollConstraint { 
@@ -57,83 +54,71 @@ public class ExtensionConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("ExtensionConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("ExtensionConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_OID)) - { - try { - CMS.checkOID("", value); - } catch (Exception e) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); - } + CMS.debug("ExtensionConstraint: setConfig name=" + name + " value=" + + value); + + if (name.equals(CONFIG_OID)) { + try { + CMS.checkOID("", value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_PROPERTY_ERROR", value)); + } } mConfig.getSubStore("params").putString(name, value); } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. 
*/ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { - Extension ext = getExtension(getConfig(CONFIG_OID), info); + Extension ext = getExtension(getConfig(CONFIG_OID), info); if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - getConfig(CONFIG_OID))); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", getConfig(CONFIG_OID))); } - // check criticality + // check criticality String value = getConfig(CONFIG_CRITICAL); if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OID) - }; + String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index 56ec0adf1..1952ba168 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.security.interfaces.DSAParams; import java.util.HashMap; 
@@ -44,11 +43,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserKeyDefault; - /** - * This constraint is to check the key type and - * key length. - * + * This constraint is to check the key type and key length. + * * @version $Revision$, $Date$ */ @SuppressWarnings("serial") 
@@ -57,72 +54,306 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2", - "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283", - "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571", - "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1", - "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1", - "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3", - "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2", - "sect131r1","sect131r2" - }; - - private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>(); - static - { - ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}}); - ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}}); - ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}}); - ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}}); - ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}}); - ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}}); - ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}}); - ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}}); - ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}}); - ecOIDs.put( "1.3.132.0.27", new Vector() 
{{add("sect233r1");add("nistb233");}}); - ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}}); - ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}}); - ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}}); - ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}}); - ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}}); - ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}}); - ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}}); - ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}}); - ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}}); - ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}}); - ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}}); - ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}}); - ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}}); - ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}}); - ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}}); - ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() 
{{add("c2tnb191v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}}); - ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}}); - ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}}); - ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}}); - ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}}); - ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}}); - ecOIDs.put( "1.3.132.0.5", new Vector() {{add("sect113r2");}}); - ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}}); - ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}}); + private static final String[] ecCurves = { "nistp256", "nistp384", + "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", + "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", + "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", + "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", + "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", + "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", + "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", + "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", + "prime192v3", "prime239v1", "prime239v2", "prime239v3", + "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", + "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", 
"c2pnb208w1", + "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2pnb272w1", + "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", + "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", + "sect113r2", "sect131r1", "sect131r2" }; + + private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>(); + static { + ecOIDs.put("1.2.840.10045.3.1.7", new Vector() { + { + add("nistp256"); + add("secp256r1"); + } + }); + ecOIDs.put("1.3.132.0.34", new Vector() { + { + add("nistp384"); + add("secp384r1"); + } + }); + ecOIDs.put("1.3.132.0.35", new Vector() { + { + add("nistp521"); + add("secp521r1"); + } + }); + ecOIDs.put("1.3.132.0.1", new Vector() { + { + add("sect163k1"); + add("nistk163"); + } + }); + ecOIDs.put("1.3.132.0.2", new Vector() { + { + add("sect163r1"); + } + }); + ecOIDs.put("1.3.132.0.15", new Vector() { + { + add("sect163r2"); + add("nistb163"); + } + }); + ecOIDs.put("1.3.132.0.24", new Vector() { + { + add("sect193r1"); + } + }); + ecOIDs.put("1.3.132.0.25", new Vector() { + { + add("sect193r2"); + } + }); + ecOIDs.put("1.3.132.0.26", new Vector() { + { + add("sect233k1"); + add("nistk233"); + } + }); + ecOIDs.put("1.3.132.0.27", new Vector() { + { + add("sect233r1"); + add("nistb233"); + } + }); + ecOIDs.put("1.3.132.0.3", new Vector() { + { + add("sect239k1"); + } + }); + ecOIDs.put("1.3.132.0.16", new Vector() { + { + add("sect283k1"); + add("nistk283"); + } + }); + ecOIDs.put("1.3.132.0.17", new Vector() { + { + add("sect283r1"); + add("nistb283"); + } + }); + ecOIDs.put("1.3.132.0.36", new Vector() { + { + add("sect409k1"); + add("nistk409"); + } + }); + ecOIDs.put("1.3.132.0.37", new Vector() { + { + add("sect409r1"); + add("nistb409"); + } + }); + ecOIDs.put("1.3.132.0.38", new Vector() { + { + add("sect571k1"); + add("nistk571"); + } + }); + ecOIDs.put("1.3.132.0.39", new Vector() { + { + add("sect571r1"); + add("nistb571"); + } + }); + ecOIDs.put("1.3.132.0.9", new Vector() { + { + add("secp160k1"); + } + }); + 
ecOIDs.put("1.3.132.0.8", new Vector() { + { + add("secp160r1"); + } + }); + ecOIDs.put("1.3.132.0.30", new Vector() { + { + add("secp160r2"); + } + }); + ecOIDs.put("1.3.132.0.31", new Vector() { + { + add("secp192k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.1", new Vector() { + { + add("secp192r1"); + add("nistp192"); + add("prime192v1"); + } + }); + ecOIDs.put("1.3.132.0.32", new Vector() { + { + add("secp224k1"); + } + }); + ecOIDs.put("1.3.132.0.33", new Vector() { + { + add("secp224r1"); + add("nistp224"); + } + }); + ecOIDs.put("1.3.132.0.10", new Vector() { + { + add("secp256k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.2", new Vector() { + { + add("prime192v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.3", new Vector() { + { + add("prime192v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.4", new Vector() { + { + add("prime239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.5", new Vector() { + { + add("prime239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.6", new Vector() { + { + add("prime239v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.1", new Vector() { + { + add("c2pnb163v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.2", new Vector() { + { + add("c2pnb163v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.3", new Vector() { + { + add("c2pnb163v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.4", new Vector() { + { + add("c2pnb176v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.5", new Vector() { + { + add("c2tnb191v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.6", new Vector() { + { + add("c2tnb191v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.7", new Vector() { + { + add("c2tnb191v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.10", new Vector() { + { + add("c2pnb208w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.11", new Vector() { + { + add("c2tnb239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.12", new Vector() { + { + add("c2tnb239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.13", new Vector() { + { + add("c2tnb239v3"); + } + }); + 
ecOIDs.put("1.2.840.10045.3.0.16", new Vector() { + { + add("c2pnb272w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.17", new Vector() { + { + add("c2pnb304w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.19", new Vector() { + { + add("c2pnb368w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.20", new Vector() { + { + add("c2tnb431r1"); + } + }); + ecOIDs.put("1.3.132.0.6", new Vector() { + { + add("secp112r1"); + } + }); + ecOIDs.put("1.3.132.0.7", new Vector() { + { + add("secp112r2"); + } + }); + ecOIDs.put("1.3.132.0.28", new Vector() { + { + add("secp128r1"); + } + }); + ecOIDs.put("1.3.132.0.29", new Vector() { + { + add("secp128r2"); + } + }); + ecOIDs.put("1.3.132.0.4", new Vector() { + { + add("sect113r1"); + } + }); + ecOIDs.put("1.3.132.0.5", new Vector() { + { + add("sect113r2"); + } + }); + ecOIDs.put("1.3.132.0.22", new Vector() { + { + add("sect131r1"); + } + }); + ecOIDs.put("1.3.132.0.23", new Vector() { + { + add("sect131r2"); + } + }); } private static String[] cfgECCurves = null; @@ -136,7 +367,7 @@ public class KeyConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); String ecNames = ""; 
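Review bot: `ecCurves` lists `"c2tnb359w1"`, but no `ecOIDs.put(...)` entry in this static block carries that name, and the `1.2.840.10045.3.0.*` keys jump from `.17` to `.19`. The name is therefore accepted wherever `ecCurves` is consulted (that use is outside this hunk), yet a key on that curve can never be resolved from its OID by the `ecOIDs.get(params)` lookup in `validate`. X9.62 registers arc 18 as c2tnb359v1, so the `w1` spelling looks like a typo; confirm this, then either add the missing mapping or drop the name. The list also still accepts curves of 112 to 131 bits (`secp112r1`, `sect113r1`, `sect131r1` and others), which deserve a comment saying they are kept only for legacy profiles. As a style point, each double-brace `new Vector() {{ ... }}` creates an anonymous raw-typed subclass, now eight lines per curve; `new Vector<String>(Arrays.asList("nistp256", "secp256r1"))` would keep one line per OID and remove the need for `@SuppressWarnings("serial")`.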
@@ -148,32 +379,30 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("KeyConstraint.init ecNames: " + ecNames); if (ecNames != null && ecNames.length() != 0) { cfgECCurves = ecNames.split(","); - } + } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", - "RSA", + return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else if (name.equals(CONFIG_KEY_PARAMETERS)) { - return new Descriptor(IDescriptor.STRING,null,"", - CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS")); + } else if (name.equals(CONFIG_KEY_PARAMETERS)) { + return new Descriptor(IDescriptor.STRING, null, "", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); + CertificateX509Key infokey = (CertificateX509Key) info + .get(X509CertInfo.KEY); + X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); String value = getConfig(CONFIG_KEY_TYPE); 
@@ -181,29 +410,25 @@ public class KeyConstraint extends EnrollConstraint { if (!isOptional(value)) { if (!alg.equals(value)) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", value)); } } int keySize = 0; String ecCurve = ""; - if (alg.equals("RSA")) { + if (alg.equals("RSA")) { keySize = getRSAKeyLen(key); - } else if (alg.equals("DSA")) { + } else if (alg.equals("DSA")) { keySize = getDSAKeyLen(key); - } else if (alg.equals("EC")) { - //EC key case. + } else if (alg.equals("EC")) { + // EC key case. } else { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INVALID_KEY_TYPE", - alg)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_KEY_TYPE", alg)); } value = getConfig(CONFIG_KEY_PARAMETERS); @@ -212,28 +437,26 @@ public class KeyConstraint extends EnrollConstraint { if (alg.equals("EC")) { if (!alg.equals(keyType) && !isOptional(keyType)) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); } AlgorithmId algid = key.getAlgorithmId(); CMS.debug("algId: " + algid); - //Get raw string representation of alg parameters, will give - //us the curve OID. + // Get raw string representation of alg parameters, will give + // us the curve OID. - String params = null; + String params = null; if (algid != null) { params = algid.getParametersString(); } if (params.startsWith("OID.")) { params = params.substring(4); - } + } CMS.debug("EC key OID: " + params); Vector vect = ecOIDs.get(params); 
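Review bot: In the EC branch of `KeyConstraint.validate`, `params` is still null when `algid` is null or `getParametersString()` returns null, and the next statement calls `params.startsWith("OID.")`, so the `if (algid != null)` guard protects nothing. `key.getAlgorithmId().getName()` has also already been dereferenced earlier in the method. The handler visible in a later hunk appears to turn the resulting NullPointerException into `CMS_PROFILE_KEY_NOT_FOUND`; if so the request is still rejected, but the log and the user message point at the wrong cause. An explicit check before the prefix strip keeps the rejection accurate: `if (params == null) { throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); }`. `ecOIDs.get(params)` returns null for any curve OID missing from the table, and the lines that handle `vect` lie between this hunk and the next, so that path should be checked for the same explicit rejection.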
@@ -244,10 +467,12 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("vect: " + vect.toString()); if (!isOptional(keyType)) { - //Check the curve parameters only if explicit ECC or not optional - for (int i = 0 ; i < keyParams.length ; i ++) { - String ecParam = keyParams[i]; - CMS.debug("keyParams[i]: " + i + " param: " + ecParam); + // Check the curve parameters only if explicit ECC or + // not optional + for (int i = 0; i < keyParams.length; i++) { + String ecParam = keyParams[i]; + CMS.debug("keyParams[i]: " + i + " param: " + + ecParam); if (vect.contains(ecParam)) { curveFound = true; CMS.debug("KeyConstraint.validate: EC key constrainst passed."); @@ -260,21 +485,17 @@ public class KeyConstraint extends EnrollConstraint { } if (!curveFound) { - CMS.debug("KeyConstraint.validate: EC key constrainst failed."); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + CMS.debug("KeyConstraint.validate: EC key constrainst failed."); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); } - } else { - if ( !arrayContainsString(keyParams,Integer.toString(keySize))) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + } else { + if (!arrayContainsString(keyParams, Integer.toString(keySize))) { + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); } CMS.debug("KeyConstraint.validate: RSA key contraints passed."); } @@ -283,8 +504,8 @@ public class KeyConstraint extends EnrollConstraint { throw (ERejectException) e; } CMS.debug("KeyConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_KEY_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_NOT_FOUND")); } } 
@@ -292,8 +513,7 @@ public class KeyConstraint extends EnrollConstraint { X509Key newkey = null; try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); + newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); } catch (Exception e) { CMS.debug("KeyConstraint: getRSAKey Len " + e.toString()); return -1; @@ -315,13 +535,11 @@ public class KeyConstraint extends EnrollConstraint { } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_KEY_TYPE), - getConfig(CONFIG_KEY_PARAMETERS) - }; + String params[] = { getConfig(CONFIG_KEY_TYPE), + getConfig(CONFIG_KEY_PARAMETERS) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_TEXT", + params); } public boolean isApplicable(IPolicyDefault def) { 
@@ -332,28 +550,27 @@ public class KeyConstraint extends EnrollConstraint { return false; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value); - //establish keyType, we don't know which order these params will arrive + // establish keyType, we don't know which order these params will arrive if (name.equals(CONFIG_KEY_TYPE)) { keyType = value; - if(keyParams.equals("")) - return; + if (keyParams.equals("")) + return; } - - //establish keyParams + + // establish keyParams if (name.equals(CONFIG_KEY_PARAMETERS)) { CMS.debug("establish keyParams: " + value); keyParams = value; - if(keyType.equals("")) + if (keyType.equals("")) return; } - // All the params we need for validation have been collected, + // All the params we need for validation have been collected, // we don't know which order they will show up - if (keyType.length() > 0 && keyParams.length() > 0) { + if (keyType.length() > 0 && keyParams.length() > 0) { String[] params = keyParams.split(","); boolean isECCurve = false; int keySize = 0; 
@@ -361,48 +578,50 @@ public class KeyConstraint extends EnrollConstraint { for (int i = 0; i < params.length; i++) { if (keyType.equals("EC")) { if (cfgECCurves == null) { - //Use the static array as a backup if the config values are not present. - isECCurve = arrayContainsString(ecCurves,params[i]); + // Use the static array as a backup if the config values + // are not present. + isECCurve = arrayContainsString(ecCurves, params[i]); } else { - isECCurve = arrayContainsString(cfgECCurves,params[i]); + isECCurve = arrayContainsString(cfgECCurves, params[i]); } - if (isECCurve == false) { //Not a valid EC curve throw exception. + if (isECCurve == false) { // Not a valid EC curve throw + // exception. keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } - } else { + } else { try { keySize = Integer.parseInt(params[i]); } catch (Exception e) { keySize = 0; } - if (keySize <= 0) { + if (keySize <= 0) { keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } } - } - //Actually set the configuration in the profile - super.setConfig(CONFIG_KEY_TYPE, keyType); - super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); + } + // Actually set the configuration in the profile + super.setConfig(CONFIG_KEY_TYPE, keyType); + super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); - //Reset the vars for next round. - keyType = ""; - keyParams = ""; + // Reset the vars for next round. + keyType = ""; + keyParams = ""; } private boolean arrayContainsString(String[] array, String value) { if (array == null || value == null) { - return false; - } + return false; + } - for (int i = 0 ; i < array.length; i++) { + for (int i = 0; i < array.length; i++) { if (array[i].equals(value)) { return true; } @@ -411,4 +630,3 @@ public class KeyConstraint extends EnrollConstraint { return false; } } - 
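Review bot: The `super.setConfig(CONFIG_KEY_TYPE, keyType)` and `super.setConfig(CONFIG_KEY_PARAMETERS, keyParams)` calls at the end of `setConfig` sit outside the `if (keyType.length() > 0 && keyParams.length() > 0)` block, which the new indentation makes easier to see. If the method is ever called with a `name` other than the two it handles while both staging fields are empty, it would store empty strings for both properties; whether any caller does that is not visible here. A guard before the write-through, `if (keyType.length() == 0 || keyParams.length() == 0) return;`, would make the intent explicit. Separately, `catch (Exception e) { keySize = 0; }` around `Integer.parseInt` could be narrowed to `NumberFormatException`. The method starts in the previous hunk.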
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java index 4a483b43d..416222814 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.KeyUsageExtension; 
@@ -37,25 +36,19 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the key usage extension constraint. - * It checks if the key usage constraint in the certificate - * template satisfies the criteria. - * + * This class implements the key usage extension constraint. It checks if the + * key usage constraint in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class KeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; 
@@ -77,51 +70,41 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", 
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } return null; @@ -134,20 +117,17 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + throws ERejectException { + KeyUsageExtension ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.KeyUsage_Id.toString())); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.KeyUsage_Id.toString())); } boolean[] bits = ext.getBits(); 
@@ -156,10 +136,9 @@ public class KeyUsageExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_DIGITAL_SIGNATURE); 
@@ -167,117 +146,105 @@ public class KeyUsageExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != isSet(bits, 0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_NON_REPUDIATION); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_KEY_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_DATA_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_KEY_AGREEMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", value)); + } } value = 
getConfig(CONFIG_KEY_CERTSIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_CRL_SIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_ENCIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 7)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", value)); + } } value = getConfig(CONFIG_DECIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 8)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", value)); + } } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), + String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_DIGITAL_SIGNATURE), getConfig(CONFIG_NON_REPUDIATION), getConfig(CONFIG_KEY_ENCIPHERMENT), getConfig(CONFIG_DATA_ENCIPHERMENT), getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN), 
getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) - }; + getConfig(CONFIG_DECIPHER_ONLY) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java index fe20b766c..bd2885472 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.extensions.NSCertTypeExtension; @@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** - * This class implements the Netscape certificate type extension constraint. - * It checks if the Netscape certificate type extension in the certificate - * template satisfies the criteria. - * + * This class implements the Netscape certificate type extension constraint. It + * checks if the Netscape certificate type extension in the certificate template + * satisfies the criteria. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtConstraint extends EnrollConstraint { 
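Review bot: The bit checks in `KeyUsageExtConstraint.validate` pass fixed indexes 0 to 8 to `isSet(bits, n)` with `bits` taken from `ext.getBits()`, and nothing in the visible hunks checks the array length. `isSet` is defined outside these hunks, so confirm it treats an index at or beyond `bits.length` as unset instead of throwing, since the returned array may be shorter than nine entries; an unchecked exception here would leave `validate` as something other than `ERejectException`. If the helper already behaves that way, a comment such as `// isSet() returns false for indexes past bits.length` above the first check would save the next reader the lookup.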
@@ -68,63 +66,51 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if 
(name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, - "CMS_PROFILE_OBJECT_SIGNING_CA")); + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + throws ERejectException { + NSCertTypeExtension ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - NSCertTypeExtension.CertType_Id.toString())); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + NSCertTypeExtension.CertType_Id.toString())); } String value = getConfig(CONFIG_CRITICAL); @@ -132,10 +118,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_SSL_CLIENT); 
@@ -143,10 +128,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", value)); } } value = getConfig(CONFIG_SSL_SERVER); @@ -154,10 +138,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", value)); } } value = getConfig(CONFIG_EMAIL); @@ -165,10 +148,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_EMAIL_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING); @@ -176,10 +158,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", value)); } } value = getConfig(CONFIG_SSL_CA); 
@@ -187,10 +168,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CA_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_SSL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL_CA); @@ -198,10 +178,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING_CA); @@ -209,27 +188,21 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", - value)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", value)); } } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) - }; - - return CMS.getUserMessage(locale, + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_OBJECT_SIGNING_CA) }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params); } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java index 108c32b17..47de8e3fb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no constraint. - * + * * @version $Revision$, $Date$ */ public class NoConstraint implements IPolicyConstraint { public static final String CONFIG_NAME = "name"; - private IConfigStore mConfig = null; + private IConfigStore mConfig = null; private Vector mNames = new Vector(); public Enumeration getConfigNames() { @@ -55,8 +53,7 @@ public class NoConstraint implements IPolicyConstraint { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { } public String getConfig(String name) { @@ -68,7 +65,7 @@ public class NoConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } 
@@ -77,15 +74,13 @@ public class NoConstraint implements IPolicyConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ - public void validate(IRequest request) - throws ERejectException { + public void validate(IRequest request) throws ERejectException { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT"); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index 91d5a46aa..d09fd779a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.util.Date; import java.util.Locale; @@ -36,17 +35,16 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; - /** - * This class supports renewal grace period, which has two - * parameters: graceBefore and graceAfter - * + * This class supports renewal grace period, which has two parameters: + * graceBefore and graceAfter + * * @author Christina Fu * @version $Revision$, $Date$ */ public class RenewGracePeriodConstraint extends EnrollConstraint { - // for renewal: # of days before the orig cert expiration date + // for renewal: # of days before the orig cert expiration date public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore"; // for renewal: # of days after the orig cert expiration date public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter"; 
@@ -58,27 +56,30 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) - throws EPropertyException { - if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) || - name.equals(CONFIG_RENEW_GRACE_AFTER)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + public void setConfig(String name, String value) throws EPropertyException { + if (name.equals(CONFIG_RENEW_GRACE_BEFORE) + || name.equals(CONFIG_RENEW_GRACE_AFTER)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER)); - } + "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + + " or " + CONFIG_RENEW_GRACE_AFTER)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RENEW_GRACE_BEFORE)) { - return new Descriptor(IDescriptor.INTEGER, null, "30", + return new Descriptor( + IDescriptor.INTEGER, + null, + "30", CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_BEFORE")); } else if (name.equals(CONFIG_RENEW_GRACE_AFTER)) { return new Descriptor(IDescriptor.INTEGER, null, "30", 
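Review bot: The error raised by `setConfig` names both grace-period properties instead of the one that failed to parse; `throw new EPropertyException(CMS.getUserMessage("CMS_INVALID_PROPERTY", name));` reports the offending property, and the `catch (Exception e)` around `Integer.parseInt(value)` can be `catch (NumberFormatException e)`. An empty string is rejected here, while the `validate` hunk that follows compares the stored value with `""` to mean no limit, so the two should agree on whether empty is allowed. The one-argument-per-line wrapping of the first `new Descriptor(...)` in `getConfigDescriptor` also differs from the second branch; wrapping both the same way would read better.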
@@ -88,75 +89,82 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void validate(IRequest req, X509CertInfo info) - throws ERejectException { - String origExpDate_s = req.getExtDataInString("origNotAfter"); - // probably not for renewal - if (origExpDate_s == null) { - return; - } else { - CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); - } - CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); - BigInteger origExpDate_BI = new BigInteger(origExpDate_s); - Date origExpDate = new Date(origExpDate_BI.longValue()); - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - int renew_grace_before = 0; - int renew_grace_after = 0; - BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); - BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s); - - // -1 means no limit - if (renew_grace_before_s == "") - renew_grace_before = -1; - else - renew_grace_before = Integer.parseInt(renew_grace_before_s); - - if (renew_grace_after_s == "") - renew_grace_after = -1; - else - renew_grace_after = Integer.parseInt(renew_grace_after_s); - - if (renew_grace_before > 0) - renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); - if (renew_grace_after > 0) - renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); - - Date current = CMS.getCurrentDate(); - long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); - - /* - * "days", if positive, has to be less than renew_grace_before - * "days", if negative, means already past expiration date, - * (abs value) has to be less than renew_grace_after - * if renew_grace_before or renew_grace_after are negative - * the one with negative value 
is ignored - */ - if (millisDiff >= 0) { - if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } else { - if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } + throws ERejectException { + String origExpDate_s = req.getExtDataInString("origNotAfter"); + // probably not for renewal + if (origExpDate_s == null) { + return; + } else { + CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); + } + CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); + BigInteger origExpDate_BI = new BigInteger(origExpDate_s); + Date origExpDate = new Date(origExpDate_BI.longValue()); + String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + int renew_grace_before = 0; + int renew_grace_after = 0; + BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); + BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s); + + // -1 means no limit + if (renew_grace_before_s == "") + renew_grace_before = -1; + else + renew_grace_before = Integer.parseInt(renew_grace_before_s); + + if (renew_grace_after_s == "") + renew_grace_after = -1; + else + renew_grace_after = Integer.parseInt(renew_grace_after_s); + + if (renew_grace_before > 0) + renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger + .valueOf(1000 * 86400)); + if (renew_grace_after > 0) + renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger + .valueOf(1000 * 
86400)); + + Date current = CMS.getCurrentDate(); + long millisDiff = origExpDate.getTime() - current.getTime(); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + + " origExpDate=" + origExpDate.getTime() + " current=" + + current.getTime()); + + /* + * "days", if positive, has to be less than renew_grace_before "days", + * if negative, means already past expiration date, (abs value) has to + * be less than renew_grace_after if renew_grace_before or + * renew_grace_after are negative the one with negative value is ignored + */ + if (millisDiff >= 0) { + if ((renew_grace_before > 0) + && (millisDiff > renew_grace_before_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + + " days after original cert expiration date")); + } + } else { + if ((renew_grace_after > 0) + && ((0 - millisDiff) > renew_grace_after_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + + " days after original cert expiration date")); + } + } } - public String getText(Locale locale) { String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER); - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", - renew_grace_before_s+" days before and "+ - renew_grace_after_s+" days after original cert expiration date"); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", renew_grace_before_s + + " days before and " + renew_grace_after_s + + " days after original cert expiration date"); } public boolean isApplicable(IPolicyDefault def) { 
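Review bot: In RenewGracePeriodConstraint.validate(), `new BigInteger(renew_grace_before_s)` and `new BigInteger(renew_grace_after_s)` run before the empty-value checks, and those checks use `== ""`, which compares references rather than content. An empty graceBefore or graceAfter value therefore raises NumberFormatException instead of being treated as the "-1 means no limit" case. That exception leaves validate() as something other than ERejectException, and how the caller handles it is not visible in this hunk. Whether getConfig() can return null is also not shown, so the sketch below guards for it. It parses the values first and derives the millisecond limits afterwards, so an unset value really means "no limit".

```java
// … unchanged: origNotAfter lookup and origExpDate parsing …
String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);

// -1 means no limit; an unset or empty value is treated the same way
int renew_grace_before = -1;
int renew_grace_after = -1;
if (renew_grace_before_s != null && renew_grace_before_s.length() > 0)
    renew_grace_before = Integer.parseInt(renew_grace_before_s);
if (renew_grace_after_s != null && renew_grace_after_s.length() > 0)
    renew_grace_after = Integer.parseInt(renew_grace_after_s);

// days -> milliseconds, computed in long so no BigInteger round trip is needed
long renew_grace_before_ms = renew_grace_before * 86400000L;
long renew_grace_after_ms = renew_grace_after * 86400000L;
// … unchanged: current date, millisDiff, debug output; the two comparisons
// then use renew_grace_before_ms / renew_grace_after_ms …
```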
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index f570c26e6..40a34c0b3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; @@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SigningAlgDefault; import com.netscape.cms.profile.def.UserSigningAlgDefault; - /** - * This class implements the signing algorithm constraint. - * It checks if the signing algorithm in the certificate - * template satisfies the criteria. - * + * This class implements the signing algorithm constraint. It checks if the + * signing algorithm in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SigningAlgConstraint extends EnrollConstraint { 
@@ -69,29 +66,27 @@ public class SigningAlgConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("SigningAlgConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_ALGORITHMS_ALLOWED)) - { - StringTokenizer st = new StringTokenizer(value, ","); - while (st.hasMoreTokens()) { - String v = st.nextToken(); - if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); - } - } + CMS.debug("SigningAlgConstraint: setConfig name=" + name + + " value=" + value); + + if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { + StringTokenizer st = new StringTokenizer(value, ","); + while (st.hasMoreTokens()) { + String v = st.nextToken(); + if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_PROPERTY_ERROR", v)); + } + } } mConfig.getSubStore("params").putString(name, value); } 
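Review bot: In SigningAlgConstraint.setConfig(), the allowed-algorithm check `DEF_CONFIG_ALGORITHMS.indexOf(v) == -1` is a substring test, so any fragment of a listed name passes validation, while a token with surrounding spaces does not. Assuming DEF_CONFIG_ALGORITHMS is a comma-separated string (its definition is outside the hunk), compare whole tokens instead: `if (("," + DEF_CONFIG_ALGORITHMS + ",").indexOf("," + v.trim() + ",") == -1) {`. The stored value is what validate() later matches against the certificate's algorithm, so the list written to the profile should contain only exact names.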
@@ -100,25 +95,24 @@ public class SigningAlgConstraint extends EnrollConstraint { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { return new Descriptor(IDescriptor.STRING, null, - DEF_CONFIG_ALGORITHMS, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); + DEF_CONFIG_ALGORITHMS, CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateAlgorithmId algId = null; try { - algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId = (CertificateAlgorithmId) info + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) algId + .get(CertificateAlgorithmId.ALGORITHM); Vector mCache = new Vector(); StringTokenizer st = new StringTokenizer( 
@@ -132,22 +126,25 @@ public class SigningAlgConstraint extends EnrollConstraint { if (!mCache.contains(id.toString())) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString())); + getLocale(request), + "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", + id.toString())); } } catch (Exception e) { if (e instanceof ERejectException) { throw (ERejectException) e; } CMS.debug("SigningAlgConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND")); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", getConfig(CONFIG_ALGORITHMS_ALLOWED)); + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", + getConfig(CONFIG_ALGORITHMS_ALLOWED)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java index 7ce32f00e..547ce4336 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; 
@@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; - /** - * This class implements the subject name constraint. - * It checks if the subject name in the certificate - * template satisfies the criteria. - * + * This class implements the subject name constraint. It checks if the subject + * name in the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SubjectNameConstraint extends EnrollConstraint { @@ -56,15 +53,15 @@ public class SubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_PATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME_PATTERN")); } else { return null; } 
@@ -75,54 +72,48 @@ public class SubjectNameConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("SubjectNameConstraint: validate start"); CertificateSubjectName sn = null; try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameConstraint: validate cert subject ="+ - sn.toString()); + CMS.debug("SubjectNameConstraint: validate cert subject =" + + sn.toString()); } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name sn500 = null; try { sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME); } catch (IOException e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } if (sn500 == null) { CMS.debug("SubjectNameConstraint: validate() - sn500 is null"); - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } else { - CMS.debug("SubjectNameConstraint: validate() - sn500 "+ - CertificateSubjectName.DN_NAME + " = "+ - sn500.toString()); + CMS.debug("SubjectNameConstraint: validate() - sn500 " + + CertificateSubjectName.DN_NAME + " = " + sn500.toString()); } if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) { - CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN)); - 
throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", - sn500.toString())); + CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + + getConfig(CONFIG_PATTERN)); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", sn500.toString())); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", getConfig(CONFIG_PATTERN)); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java index b47e2230d..f02a5c7c8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; 
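Review bot: In SubjectNameConstraint.validate(), the configured value is handed straight to `sn500.toString().matches(getConfig(CONFIG_PATTERN))`, and the descriptor in the previous hunk declares no default for this parameter. If getConfig() returns null for an unset pattern (not visible here), the call throws NullPointerException, and a malformed pattern throws PatternSyntaxException. Both are unchecked, so the subject name is neither accepted nor rejected through ERejectException. Reading the pattern once and treating "no usable pattern" as a rejection keeps the constraint failing closed, as sketched below.

```java
// … unchanged: subject extraction and sn500 null check …
String pattern = getConfig(CONFIG_PATTERN);
boolean matched = false;
try {
    // an unset pattern rejects instead of throwing NullPointerException
    matched = pattern != null && sn500.toString().matches(pattern);
} catch (java.util.regex.PatternSyntaxException e) {
    CMS.debug("SubjectNameConstraint: validate() - invalid pattern "
            + pattern);
}
if (!matched) {
    // … unchanged: debug line and CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED rejection …
}
```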
@@ -43,57 +42,52 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; /** - * This constraint is to check for publickey uniqueness. - * The config param "allowSameKeyRenewal" enables the - * situation where if the publickey is not unique, and if - * the subject DN is the same, that is a "renewal". - * - * Another "feature" that is quoted out of this code is the - * "revokeDupKeyCert" option, which enables the revocation - * of certs that bear the same publickey as the enrolling - * request. Since this can potentially be abused, it is taken - * out and preserved in comments to allow future refinement. - * + * This constraint is to check for publickey uniqueness. The config param + * "allowSameKeyRenewal" enables the situation where if the publickey is not + * unique, and if the subject DN is the same, that is a "renewal". + * + * Another "feature" that is quoted out of this code is the "revokeDupKeyCert" + * option, which enables the revocation of certs that bear the same publickey as + * the enrolling request. Since this can potentially be abused, it is taken out + * and preserved in comments to allow future refinement. 
+ * * @version $Revision$, $Date$ */ public class UniqueKeyConstraint extends EnrollConstraint { - /* - public static final String CONFIG_REVOKE_DUPKEY_CERT = - "revokeDupKeyCert"; - boolean mRevokeDupKeyCert = false; - */ - public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = - "allowSameKeyRenewal"; - boolean mAllowSameKeyRenewal = false; + /* + * public static final String CONFIG_REVOKE_DUPKEY_CERT = + * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false; + */ + public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = "allowSameKeyRenewal"; + boolean mAllowSameKeyRenewal = false; public ICertificateAuthority mCA = null; - public UniqueKeyConstraint() { - super(); - /* - addConfigName(CONFIG_REVOKE_DUPKEY_CERT); - */ - addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); - } + public UniqueKeyConstraint() { + super(); + /* + * addConfigName(CONFIG_REVOKE_DUPKEY_CERT); + */ + addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); + } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { super.init(profile, config); - mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public IDescriptor getConfigDescriptor(Locale locale, String name) - { - /* - if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); - } - */ - if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); - } + public IDescriptor getConfigDescriptor(Locale locale, String name) { + /* + * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new + * Descriptor(IDescriptor.BOOLEAN, null, "false", + * CMS.getUserMessage(locale, 
"CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); + * } + */ + if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, + "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); + } return null; } 
@@ -102,173 +96,156 @@ public class UniqueKeyConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - boolean rejected = false; - int size = 0; - ICertRecordList list; + throws ERejectException { + boolean rejected = false; + int size = 0; + ICertRecordList list; - /* - mRevokeDupKeyCert = - getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); - */ - mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); + /* + * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); + */ + mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) - infokey.get(CertificateX509Key.KEY); - - // check for key uniqueness - byte pub[] = key.getEncoded(); - String pub_s = escapeBinaryData(pub); - String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")"; - list = - (ICertRecordList) - mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); - size = list.getSize(); + CertificateX509Key infokey = (CertificateX509Key) info + .get(X509CertInfo.KEY); + X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); + + // check for key uniqueness + byte pub[] = key.getEncoded(); + String pub_s = escapeBinaryData(pub); + String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + + "=" + pub_s + ")"; + list = (ICertRecordList) mCA.getCertificateRepository() + .findCertRecordsInList(filter, null, 10); + size = list.getSize(); } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INTERNAL_ERROR",e.toString())); - } - - /* - * It does not matter if the corresponding cert's status - * is valid or not, we don't want a 
key that was once - * generated before - */ - if (size > 0) { - CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); - - /* - The following code revokes the existing certs that have - the same public key as the one submitted for enrollment - request. However, it is not a good idea due to possible - abuse. It is therefore commented out. It is still - however still maintained for possible utilization at later - time - - // if configured to revoke duplicated key - // revoke cert - if (mRevokeDupKeyCert) { - try { - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - - // revoke the cert - BigInteger serialNum = cert.getSerialNumber(); - ICAService service = (ICAService) mCA.getCAService(); - - RevokedCertImpl crlEntry = - formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); - service.revokeCert(crlEntry); - CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); - } - } catch (Exception ex) { - CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); - } - } // revoke dupkey cert turned on - */ - - if (mAllowSameKeyRenewal == true) { - X500Name sjname_in_db = null; - X500Name sjname_in_req = null; - - try { - // get subject of request - CertificateSubjectName subName = - (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - - if (subName != null) { - - sjname_in_req = - (X500Name) subName.get(CertificateSubjectName.DN_NAME); - CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString()); - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - String certDN = - cert.getSubjectDN().toString(); - CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN); - - sjname_in_db = new 
X500Name(certDN); - - if (sjname_in_db.equals(sjname_in_req) == false) { - rejected = true; - break; - } else { - rejected = false; - } - } // while - } else { //subName is null - rejected = true; - } - } catch (Exception ex1) { - CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString()); - rejected = true; - } // try - - } else { - rejected = true; - }// allowSameKeyRenewal - } // (size > 0) + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INTERNAL_ERROR", e.toString())); + } - if (rejected == true) { - CMS.debug("UniqueKeyConstraint: rejected"); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DUPLICATE_KEY")); - } else { - CMS.debug("UniqueKeyConstraint: approved"); - } + /* + * It does not matter if the corresponding cert's status is valid or + * not, we don't want a key that was once generated before + */ + if (size > 0) { + CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); + + /* + * The following code revokes the existing certs that have the same + * public key as the one submitted for enrollment request. However, + * it is not a good idea due to possible abuse. It is therefore + * commented out. 
It is still however still maintained for possible + * utilization at later time + * + * // if configured to revoke duplicated key // revoke cert if + * (mRevokeDupKeyCert) { try { Enumeration e = + * list.getCertRecords(0, size-1); while (e != null && + * e.hasMoreElements()) { ICertRecord rec = (ICertRecord) + * e.nextElement(); X509CertImpl cert = rec.getCertificate(); + * + * // revoke the cert BigInteger serialNum = cert.getSerialNumber(); + * ICAService service = (ICAService) mCA.getCAService(); + * + * RevokedCertImpl crlEntry = formCRLEntry(serialNum, + * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry); + * CMS.debug( + * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully" + * ); } } catch (Exception ex) { + * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); } + * } // revoke dupkey cert turned on + */ + + if (mAllowSameKeyRenewal == true) { + X500Name sjname_in_db = null; + X500Name sjname_in_req = null; + + try { + // get subject of request + CertificateSubjectName subName = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); + + if (subName != null) { + + sjname_in_req = (X500Name) subName + .get(CertificateSubjectName.DN_NAME); + CMS.debug("UniqueKeyConstraint: cert request subject DN =" + + sjname_in_req.toString()); + Enumeration e = list.getCertRecords(0, size - 1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + String certDN = cert.getSubjectDN().toString(); + CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + + certDN); + + sjname_in_db = new X500Name(certDN); + + if (sjname_in_db.equals(sjname_in_req) == false) { + rejected = true; + break; + } else { + rejected = false; + } + } // while + } else { // subName is null + rejected = true; + } + } catch (Exception ex1) { + CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + + ex1.toString()); + rejected = 
true; + } // try + + } else { + rejected = true; + }// allowSameKeyRenewal + } // (size > 0) + + if (rejected == true) { + CMS.debug("UniqueKeyConstraint: rejected"); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DUPLICATE_KEY")); + } else { + CMS.debug("UniqueKeyConstraint: approved"); + } } - /** + /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. - - protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { - CRLReasonExtension reasonExt = new CRLReasonExtension(reason); - CRLExtensions crlentryexts = new CRLExtensions(); - - try { - crlentryexts.set(CRLReasonExtension.NAME, reasonExt); - } catch (IOException e) { - CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); - - // throw new ECMSGWException( - // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); - - } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), - crlentryexts); - - return crlentry; - } - */ + * + * protected RevokedCertImpl formCRLEntry( BigInteger serialNo, + * RevocationReason reason) throws EBaseException { + * CRLReasonExtension reasonExt = new CRLReasonExtension(reason); + * CRLExtensions crlentryexts = new CRLExtensions(); + * + * try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } + * catch (IOException e) { + * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); + * + * // throw new ECMSGWException( // + * CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); + * + * } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, + * CMS.getCurrentDate(), crlentryexts); + * + * return crlentry; } + */ public String getText(Locale locale) { String params[] = { -/* - getConfig(CONFIG_REVOKE_DUPKEY_CERT), -*/ - }; + /* + * getConfig(CONFIG_REVOKE_DUPKEY_CERT), + */ + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, 
"CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params); } @@ -285,12 +262,12 @@ public class UniqueKeyConstraint extends EnrollConstraint { } public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; + if (def instanceof NoDefault) + return true; if (def instanceof UniqueKeyConstraint) return true; - return false; + return false; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java index 89b8d4602..2d5db341f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java @@ -51,17 +51,15 @@ import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; /** - * This class implements the unique subject name constraint. - * It checks if the subject name in the certificate is - * unique in the internal database, ie, no two certificates - * have the same subject name. - * + * This class implements the unique subject name constraint. It checks if the + * subject name in the certificate is unique in the internal database, ie, no + * two certificates have the same subject name. + * * @version $Revision$, $Date$ */ public class UniqueSubjectNameConstraint extends EnrollConstraint { - public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; + public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = "enableKeyUsageExtensionChecking"; private boolean mKeyUsageExtensionChecking = true; public UniqueSubjectNameConstraint() { 
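Review bot: In UniqueKeyConstraint.validate(), the catch around the repository lookup passes `e.toString()` into the `CMS_PROFILE_INTERNAL_ERROR` reject message, so whatever the key decoding or the certificate repository reports is handed back to the requester. Record the detail with `CMS.debug("UniqueKeyConstraint: " + e.toString());` and keep internal exception text out of the user-facing message. Separately, the reformatting has folded the commented-out revokeDupKeyCert code into run-on comment text that no longer reads as code, and the `/** make a CRL entry …` block now stands as the Javadoc of getText(). If that code is to be preserved for later use it should be kept verbatim in a plain `/* … */` block, or removed.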
@@ -69,14 +67,15 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); + CMS.getUserMessage(locale, + "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); } return null; } @@ -85,20 +84,19 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return null; } - /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. - */ - private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { + /** + * Checks if the key extension in the issued certificate is the same as the + * one in the certificate template. + */ + private boolean sameKeyUsageExtension(ICertRecord rec, X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (IOException e) { } catch (java.security.cert.CertificateException e) { } @@ -109,10 +107,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } else { try { - ext = (KeyUsageExtension) extensions.get( - KeyUsageExtension.NAME); + ext = (KeyUsageExtension) extensions + .get(KeyUsageExtension.NAME); } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (ext == null) { 
@@ -135,48 +133,44 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } } - } + } } - return true; + return true; } - /** - * Validates the request. The request is not modified - * during the validation. - * - * Rules are as follows: - * If the subject name is not unique, then the request will be rejected unless: - * 1. the certificate is expired or expired_revoked + * Validates the request. The request is not modified during the validation. + * + * Rules are as follows: If the subject name is not unique, then the request + * will be rejected unless: 1. the certificate is expired or expired_revoked * 2. the certificate is revoked and the revocation reason is not "on hold" - * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) + * 3. the keyUsageExtension bits are different and + * enableKeyUsageExtensionChecking=true (default) */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("UniqueSubjectNameConstraint: validate start"); CertificateSubjectName sn = null; - IAuthority authority = (IAuthority)CMS.getSubsystem("ca"); - + IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); + mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); ICertificateRepository certdb = null; if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority)authority; + ICertificateAuthority ca = (ICertificateAuthority) authority; certdb = ca.getCertificateRepository(); } - + try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } String certsubjectname = null; if (sn == null) - throw new 
ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); else { certsubjectname = sn.toString(); String filter = "x509Cert.subject=" + certsubjectname; @@ -184,7 +178,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { sameSubjRecords = certdb.findCertRecords(filter); } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString()); + CMS.debug("UniqueSubjectNameConstraint exception: " + + e.toString()); } while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement(); @@ -194,7 +189,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { RevocationReason reason = null; if (revocationInfo != null) { - CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions(); + CRLExtensions crlExts = revocationInfo + .getCRLEntryExtensions(); if (crlExts != null) { Enumeration enumx = crlExts.getElements(); 
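Review bot: `String filter = "x509Cert.subject=" + certsubjectname;` in validate() builds the repository search filter by concatenating the requested subject name unescaped. If findCertRecords treats this as an LDAP-style filter (not shown on this page), characters such as `*`, `(`, `)` and `\` in the subject change what the lookup matches and so undermine the uniqueness decision; escape them per RFC 4515 before concatenating. Separately, `certdb` stays null when the "ca" subsystem is missing or is not an ICertificateAuthority, and the later `certdb.findCertRecords(filter)` would then fail with a NullPointerException rather than an ERejectException. validate() continues outside this hunk.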
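Review bot: The catch around `certdb.findCertRecords(filter)` only logs the EBaseException, which leaves `sameSubjRecords` null, so the while loop is skipped and validate() accepts the request without having checked uniqueness. A constraint should fail closed when its lookup fails: reject from the catch, e.g. `throw new ERejectException(CMS.getUserMessage(getLocale(request), "<MESSAGE_KEY_FOR_LOOKUP_FAILURE>"));`, where the key is a placeholder because none of the keys on this page describes a lookup failure. The loop body continues outside this hunk.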
@@ -209,35 +205,33 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } } - if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { + if (status.equals(ICertRecord.STATUS_EXPIRED) + || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { continue; } - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && - (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) { + if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null + && (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { continue; } - if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) { + if (mKeyUsageExtensionChecking + && !sameKeyUsageExtension(rec, info)) { continue; } - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", - certsubjectname)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", certsubjectname)); } } - CMS.debug("UniqueSubjectNameConstraint: validate end"); + CMS.debug("UniqueSubjectNameConstraint: validate end"); } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) - }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", - params); + String params[] = { getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) }; + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 95c322214..33b1cb0d8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template satisfies the criteria. - * + * This class implements the validity constraint. It checks if the validity in + * the certificate template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ValidityConstraint extends EnrollConstraint { @@ -68,20 +65,19 @@ public class ValidityConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE) || - name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + public void setConfig(String name, String value) throws EPropertyException { + if (name.equals(CONFIG_RANGE) + || name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); - } + "CMS_INVALID_PROPERTY", name)); + } } super.setConfig(name, value); } 
@@ -92,30 +88,32 @@ public class ValidityConstraint extends EnrollConstraint { CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD")); + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD")); } else if (name.equals(CONFIG_CHECK_NOT_BEFORE)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE")); + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE")); } else if (name.equals(CONFIG_CHECK_NOT_AFTER)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER")); + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER")); } return null; } /** - * Validates the request. The request is not modified - * during the validation. + * Validates the request. The request is not modified during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateValidity v = null; try { v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); } catch (Exception e) { throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notBefore = null; @@ -124,7 +122,7 @@ public class ValidityConstraint extends EnrollConstraint { } catch (IOException e) { CMS.debug("ValidityConstraint: not before not found"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notAfter = null; 
@@ -133,33 +131,36 @@ public class ValidityConstraint extends EnrollConstraint { } catch (IOException e) { CMS.debug("ValidityConstraint: not after not found"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } if (notAfter.getTime() < notBefore.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < notBefore (" + notBefore + ")"); + CMS.debug("ValidityConstraint: notAfter (" + notAfter + + ") < notBefore (" + notBefore + ")"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE")); + "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE")); } long millisDiff = notAfter.getTime() - notBefore.getTime(); - CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); - long long_days = (millisDiff / 1000 ) / 86400; - CMS.debug("ValidityConstraint: long_days: "+long_days); - int days = (int)long_days; - CMS.debug("ValidityConstraint: days: "+days); + CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + + notAfter.getTime() + " notBefore=" + notBefore.getTime()); + long long_days = (millisDiff / 1000) / 86400; + CMS.debug("ValidityConstraint: long_days: " + long_days); + int days = (int) long_days; + CMS.debug("ValidityConstraint: days: " + days); if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", - Integer.toString(days))); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", + Integer.toString(days))); } - // 613828 - // The validity field shall specify a notBefore value - // that does not precede the current time and a notAfter - // value that does not precede the value specified in - // notBefore (test can be automated; try entering violating + // 
613828 + // The validity field shall specify a notBefore value + // that does not precede the current time and a notAfter + // value that does not precede the value specified in + // notBefore (test can be automated; try entering violating // time values and check result). String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE); boolean notBeforeCheck; @@ -167,7 +168,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) { notBeforeCheckStr = "false"; } - notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); + notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER); boolean notAfterCheck; 
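Review bot: `int days = (int) long_days;` narrows the computed validity before it is compared with CONFIG_RANGE, so a large enough difference wraps to a small or negative value and passes the range check. Comparing the long directly removes the cast: `if (long_days > Integer.parseInt(getConfig(CONFIG_RANGE))) {`, with `Long.toString(long_days)` in the message. Such a span is probably not encodable in X.509 time fields, but the cast gains nothing. Note also that `(millisDiff / 1000) / 86400` rounds down, so a validity up to just under one day beyond the configured range is accepted; if the range is meant as a hard ceiling, compare in milliseconds. validate() starts before and continues after this hunk.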
@@ -175,34 +176,43 @@ public class ValidityConstraint extends EnrollConstraint { if (notAfterCheckStr == null || notAfterCheckStr.equals("")) { notAfterCheckStr = "false"; } - notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); + notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD); - if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) { + if (notBeforeGracePeriodStr == null + || notBeforeGracePeriodStr.equals("")) { notBeforeGracePeriodStr = "0"; } - long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) * SECS_IN_MS; + long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) + * SECS_IN_MS; Date current = CMS.getCurrentDate(); if (notBeforeCheck) { if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) { - CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+ - "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); + CMS.debug("ValidityConstraint: notBefore (" + notBefore + + ") > current + " + "gracePeriod (" + + new Date(current.getTime() + notBeforeGracePeriod) + + ")"); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); } } if (notAfterCheck) { if (notAfter.getTime() < current.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < current + (" + current + ")"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT")); + CMS.debug("ValidityConstraint: notAfter (" + notAfter + + ") < current + (" + current + ")"); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT")); } } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, 
"CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", getConfig(CONFIG_RANGE)); + return CMS + .getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", + getConfig(CONFIG_RANGE)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 6f73cd523..5f2481978 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Authuority Info Access extension. - * + * This class implements an enrollment default policy that populates Authuority + * Info Access extension. + * * @version $Revision$, $Date$ */ public class AuthInfoAccessExtDefault extends EnrollExtDefault { 
@@ -89,30 +87,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { + } + + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); + } + } super.setConfig(name, value); } @@ -122,7 +119,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list super.refreshConfigAndValueNames(); mConfigNames.removeAllElements(); 
@@ -142,89 +139,79 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); + return new Descriptor( + IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "URIName", CMS.getUserMessage(locale, + "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", + return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, 
"false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); 
@@ -260,73 +247,76 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { GeneralName gn = null; if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); + GeneralNameInterface interface1 = parseGeneralName(locationType + + ":" + location); if (interface1 == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + throw new EPropertyException( + CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", + locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier( + method), gn); } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: "+ee.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_AIA_OID", method)); + CMS.debug("AuthInfoAccessExtDefault: " + + ee.toString()); + throw new EPropertyException( + CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_AIA_OID", + method)); } } } } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); } catch (IOException e) { CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - 
throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); if (ext == null) { return null; @@ -336,20 +326,19 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); if (ext == null) return ""; int num = getNumAds(); - + CMS.debug("AuthInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; 
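Review bot: In the VAL_GENERAL_NAMES branch of setValue, `if (locationType != null || location != null)` lets one of the two be null, and `parseGeneralName(locationType + ":" + location)` then receives the literal text `null` on that side. When both are null, `gn` stays null and is still passed to `ext.addAccessDescription(new ObjectIdentifier(method), gn)`. Unless a half-specified location is intentional, require both with `if (locationType != null && location != null) {` and skip or reject the record when `gn` is null. The loop that assigns locationType, location and method starts before this hunk, so confirm how they are populated.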
@@ -363,7 +352,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -375,8 +364,8 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -402,7 +391,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -410,14 +399,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; + AuthInfoAccessExtension ext = null; int num = getNumAds(); try { 
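Review bot: populate() dereferences the result of createExtension() immediately in `addExtension(ext.getExtensionId().toString(), ext, info);`, but createExtension() starts with `ext = null` and, in the following hunk, logs any Exception and still returns `ext`. If the extension is not assigned before the failure, a bad method OID or location in the profile configuration surfaces as a NullPointerException instead of the declared EProfileException. Add a guard in populate(): `if (ext == null) throw new EProfileException("<message>");` (message text is a placeholder). createExtension()'s body continues outside this hunk.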
@@ -439,22 +428,24 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://"+hostname+":"+port+"/ca/ocsp"; + // location = + // "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; + location = "http://" + hostname + ":" + port + + "/ca/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java index a308e2ebf..f95b9d23e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,11 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy that - * populates subject name based on the attribute values - * in the authentication token (AuthToken) object. + * This class implements an enrollment default policy that populates subject + * name based on the attribute values in the authentication token (AuthToken) + * object. * * @version $Revision$, $Date$ */ 
@@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -66,67 +64,66 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { CMS.debug("AuthTokenSubjectNameDefault: begins"); if (name == null) { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; try { x500name = new X500Name(value); - CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + + x500name.toString()); } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } - CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); } } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - sn = 
(CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: getValue " + + e.toString()); } throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); } @@ -134,7 +131,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo @@ -142,13 +139,14 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { X500Name name = new X500Name( request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME)); - CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + + name.toString()); info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("AuthTokenSubjectNameDefault: " + e.toString()); throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index 869deed22..3115ba19c 100644 
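Review bot: In setValue, when `new X500Name(value)` throws IOException the catch only logs, and the next statement `CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());` dereferences the still-null `x500name`. A malformed subject value therefore ends in a NullPointerException rather than a property error; reject in the catch instead: `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. The second catch, around `info.set(X509CertInfo.SUBJECT, ...)`, also swallows the failure, so the caller cannot tell that the subject name was never set.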
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Authority Key Identifier extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Authority + * Key Identifier extension into the certificate template. + * * @version $Revision$, $Date$ */ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { 
@@ -56,69 +53,62 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_CRITICAL")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_ID")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { // do nothing for read only value } else if (name.equals(VAL_KEY_ID)) { // do nothing for read only value } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, X509CertInfo 
info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } + AuthorityKeyIdentifierExtension ext = (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); - AuthorityKeyIdentifierExtension ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("BasicConstraintsExtDefault: getValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( + ext = (AuthorityKeyIdentifierExtension) getExtension( PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { @@ -130,8 +120,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( + ext = (AuthorityKeyIdentifierExtension) getExtension( PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { 
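Review bot: The debug call in the `catch (EProfileException e)` of `getValue` still logs under the prefix `BasicConstraintsExtDefault: getValue`, although this file is AuthorityKeyIdentifierExtDefault. The re-wrap touches the line but keeps the copied label, so a failed `populate(null, info)` is attributed to the wrong class when someone reads the debug log. I would change it to `CMS.debug("AuthorityKeyIdentifierExtDefault: getValue " + e.toString());`. getValue's body continues past the end of this hunk.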
@@ -141,18 +130,18 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; try { - kid = (KeyIdentifier) - ext.get(AuthorityKeyIdentifierExtension.KEY_ID); + kid = (KeyIdentifier) ext + .get(AuthorityKeyIdentifierExtension.KEY_ID); } catch (IOException e) { // CMS.debug(e.toString()); } - if (kid == null) + if (kid == null) return ""; return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -164,7 +153,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthorityKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); @@ -174,9 +163,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); + kid = getKeyIdentifier(info); } else { - kid = getCAKeyIdentifier(); + kid = getCAKeyIdentifier(); } if (kid == null) @@ -186,8 +175,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { try { ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java index 7ab05d755..d6867225f 100644 
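Review bot: The `catch (IOException e)` around `ext.get(AuthorityKeyIdentifierExtension.KEY_ID)` holds only a commented-out debug call, so a failure to read the key identifier falls through to `if (kid == null) return "";` and looks the same as an extension that has no key id. Re-enabling the log leaves the return value unchanged and gives the failure a trace: `CMS.debug("AuthorityKeyIdentifierExtDefault: getValue " + e.toString());`. The enclosing getValue starts before this hunk.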
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that automatically assign request to agent. - * + * This class implements an enrollment default policy that automatically assign + * request to agent. + * * @version $Revision$, $Date$ */ public class AutoAssignDefault extends EnrollDefault { @@ -48,15 +46,14 @@ public class AutoAssignDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, - null, "admin", CMS.getUserMessage(locale, - "CMS_PROFILE_AUTO_ASSIGN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_ASSIGN_TO)) { + return new Descriptor(IDescriptor.STRING, null, "admin", + CMS.getUserMessage(locale, "CMS_PROFILE_AUTO_ASSIGN")); } else { return null; } 
@@ -66,30 +63,28 @@ public class AutoAssignDefault extends EnrollDefault { return null; } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); + getConfig(CONFIG_ASSIGN_TO)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - request.setRequestOwner( - mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); + request.setRequestOwner(mapPattern(request, + getConfig(CONFIG_ASSIGN_TO))); } catch (Exception e) { // failed to insert subject name CMS.debug("AutoAssignDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java index 8c5d8094d..bde77c7b1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; 
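Review bot: In `populate`, the `catch (Exception e)` after `request.setRequestOwner(...)` carries the comment `// failed to insert subject name`, which does not describe this code; what failed here is assigning the request owner from `CONFIG_ASSIGN_TO`. I would reword it to `// failed to assign request owner`. The hunk ends at the debug call, so whether the exception is rethrown afterwards is not visible. If it is not, the request would be left without the configured owner with only a debug line to show for it, and the method's Javadoc should say so.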
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Basic Constraint extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Basic + * Constraint extension into the certificate template. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtDefault extends EnrollExtDefault { @@ -64,22 +61,19 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } return null; 
@@ -87,66 +81,60 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { BasicConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); + boolean val = Boolean.valueOf(value).booleanValue(); - - if(ext == null) { + if (ext 
== null) { return; } ext.setCritical(val); } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); + if (ext == null) { return; } Boolean isCA = Boolean.valueOf(value); ext.set(BasicConstraintsExtension.IS_CA, isCA); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Integer pathLen = Integer.valueOf(value); 
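Review bot: `Integer pathLen = Integer.valueOf(value);` in the `VAL_PATH_LEN` branch of `setValue` throws NumberFormatException on a non-numeric value, and the catch clauses that close this try in the following hunk handle only IOException and EProfileException. The caller therefore gets an unchecked exception instead of the EPropertyException that other bad input produces. A third clause keeps the error path uniform: `} catch (NumberFormatException e) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); }`. `createExtension` later in this file has the same unguarded `Integer.valueOf(pathLenStr)`, apparently ahead of its try block. setValue's body continues past this hunk.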
@@ -156,48 +144,47 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { throw new EPropertyException("Invalid name " + name); } replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { + ext, info); + } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null,info); + + try { + populate(null, info); } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("BasicConstraintsExtDefault: getValue " + + e.toString()); 
+ throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; 
@@ -208,87 +195,85 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); + Boolean isCA = (Boolean) ext + .get(BasicConstraintsExtension.IS_CA); return isCA.toString(); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } - Integer pathLen = (Integer) - ext.get(BasicConstraintsExtension.PATH_LEN); - + Integer pathLen = (Integer) ext + .get(BasicConstraintsExtension.PATH_LEN); String pLen = null; pLen = pathLen.toString(); - if(pLen.equals("-2")) - { - //This is done for bug 621700. Profile constraints actually checks for -1 - //The low level security class for some reason sets this to -2 - //This will allow the request to be approved successfuly by the agent. + if (pLen.equals("-2")) { + // This is done for bug 621700. Profile constraints actually + // checks for -1 + // The low level security class for some reason sets this to + // -2 + // This will allow the request to be approved successfuly by + // the agent. 
- pLen = "-1"; + pLen = "-1"; } - + CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - + return pLen; - - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + } else { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), - getConfig(CONFIG_PATH_LEN) - }; + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_IS_CA), getConfig(CONFIG_PATH_LEN) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { BasicConstraintsExtension ext = createExtension(); - addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, - info); + addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, info); } public BasicConstraintsExtension createExtension() { BasicConstraintsExtension ext = null; - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) + .booleanValue(); boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue(); String pathLenStr = getConfig(CONFIG_PATH_LEN); int pathLen = -2; - - if(!pathLenStr.equals("") ) { + if (!pathLenStr.equals("")) { pathLen = Integer.valueOf(pathLenStr).intValue(); } 
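Review bot: The re-wrapped comment in the `pLen.equals("-2")` branch of `getValue` now breaks mid-sentence, leaving `// -2` on a line of its own and spreading the explanation over six lines. This is the only place that says why -2 is rewritten to -1, so it should read cleanly. I would reflow it by hand, e.g. `// Bug 621700: profile constraints check for -1, but the low-level` / `// security class sets -2; map it so the agent can approve the request.`, which also drops the misspelt "successfuly". The debug label two lines below is spelt `BasicConstriantsExtDefault`, so a log search for the class name will miss it.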
@@ -296,8 +281,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { try { ext = new BasicConstraintsExtension(isCA, critical, pathLen); } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("BasicConstraintsExtDefault: createExtension " + + e.toString()); return null; } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java index 4b883f7f8..b9376c82e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -34,12 +33,10 @@ import netscape.security.x509.X509Key; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** - * This class implements an abstract CA specific - * Enrollment default. This policy can only be - * used with CA subsystem. - * + * This class implements an abstract CA specific Enrollment default. This policy + * can only be used with CA subsystem. + * * @version $Revision$, $Date$ */ public abstract class CAEnrollDefault extends EnrollDefault { @@ -48,8 +45,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { public KeyIdentifier getKeyIdentifier(X509CertInfo info) { try { - CertificateX509Key ckey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + CertificateX509Key ckey = (CertificateX509Key) info + .get(X509CertInfo.KEY); X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); 
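Review bot: `MessageDigest.getInstance("SHA-1")` in `getKeyIdentifier` has no comment saying why SHA-1 is acceptable here, and an audit or scanner pass will flag it. The digest is returned as `new KeyIdentifier(hash)` in the next hunk, so it names a key rather than protecting a signature. A one-line comment would record that: `// SHA-1 only derives the key identifier (cf. RFC 5280 sec. 4.2.1.2); it is not used for signing`. What is fed to the digest lies between the two hunks and is not visible, so the RFC reference should be confirmed against those lines.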
@@ -58,36 +55,35 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } catch (CertificateException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } return null; } public KeyIdentifier getCAKeyIdentifier() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); if (caCert == null) { - // during configuration, we dont have the CA certificate - return null; + // during configuration, we dont have the CA certificate + return null; } X509Key key = (X509Key) caCert.getPublicKey(); - SubjectKeyIdentifierExtension subjKeyIdExt = - (SubjectKeyIdentifierExtension) - caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); + SubjectKeyIdentifierExtension subjKeyIdExt = (SubjectKeyIdentifierExtension) caCert + .getExtension(PKIXExtensions.SubjectKey_Id.toString()); if (subjKeyIdExt != null) { try { - KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( - SubjectKeyIdentifierExtension.KEY_ID); - return keyId; + KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt + .get(SubjectKeyIdentifierExtension.KEY_ID); + return keyId; } catch (IOException e) { } } 
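Review bot: In `getCAKeyIdentifier`, `catch (IOException e) { }` discards a failure to read `SubjectKeyIdentifierExtension.KEY_ID` from the CA certificate without any trace. The code after it is outside this hunk, but the next hunk ends the method with `return new KeyIdentifier(hash);`, so the method presumably falls back to a computed identifier. If that value differs from the CA's actual subject key identifier, issued certificates would carry an authority key identifier that does not match, and nothing in the log would say why. At minimum log it: `CMS.debug("CAEnrollDefault: getCAKeyIdentifier " + e.toString());`. The three catch blocks in `getKeyIdentifier` above also log under `AuthorityKeyIdentifierExtDefault: getKeyId`, which is not this class.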
@@ -100,8 +96,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java index 8bf4c75fa..94bc7ca93 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; 
@@ -39,21 +38,19 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements a CA signing cert enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. + * This class implements a CA signing cert enrollment default policy that + * populates a server-side configurable validity into the certificate template. * It allows an agent to bypass the CA's signing cert's expiration constraint */ public class CAValidityDefault extends EnrollDefault { public static final String CONFIG_RANGE = "range"; public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String VAL_NOT_BEFORE = "notBefore"; public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; 
@@ -72,47 +69,41 @@ public class CAValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); - mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", /* 8 years */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + return new Descriptor(IDescriptor.STRING, null, "2922", /* 8 years */ + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */ + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor( + 
IDescriptor.BOOLEAN, + null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); @@ -129,7 +120,9 @@ public class CAValidityDefault extends EnrollDefault { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor( + IDescriptor.BOOLEAN, + null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); } else { 
@@ -137,90 +130,87 @@ public class CAValidityDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (value == null || value.equals("")) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - CMS.debug("CAValidityDefault: setValue name= "+ name); + CMS.debug("CAValidityDefault: setValue name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_BEFORE, date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, 
pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, - date); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_AFTER, date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity); + CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + + bypassCAvalidity); - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( + PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); return; } try { - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - if(isCA.booleanValue() != true) { + Boolean isCA = (Boolean) ext + .get(BasicConstraintsExtension.IS_CA); + if (isCA.booleanValue() != true) { CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); return; } } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString()); + CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." 
+ + e.toString()); return; } CertificateValidity validity = null; Date notAfter = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } // not to exceed CA's expiration - Date caNotAfter = - mCA.getSigningUnit().getCertImpl().getNotAfter(); + Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter(); if (notAfter.after(caNotAfter)) { if (bypassCAvalidity == false) { 
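Review bot: `Date date = formatter.parse(value, pos);` in the `VAL_NOT_BEFORE` and `VAL_NOT_AFTER` branches of `setValue` is used without a null check. `SimpleDateFormat.parse(String, ParsePosition)` returns null for a value it cannot parse instead of throwing; it also accepts trailing text and, being lenient by default, out-of-range fields. The null goes straight into `validity.set(...)`, and whether that call rejects it is not visible here. For the validity of a CA signing certificate I would reject bad input explicitly: call `formatter.setLenient(false);` before parsing and add `if (date == null || pos.getIndex() != value.length()) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. setValue continues in the next hunk.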
@@ -231,86 +221,80 @@ public class CAValidityDefault extends EnrollDefault { } } try { - validity.set(CertificateValidity.NOT_AFTER, - notAfter); + validity.set(CertificateValidity.NOT_AFTER, notAfter); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); - CMS.debug("CAValidityDefault: getValue: name= "+ name); + CMS.debug("CAValidityDefault: getValue: name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + return formatter.format((Date) validity + .get(CertificateValidity.NOT_BEFORE)); } catch (Exception e) { CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if 
(name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + return formatter.format((Date) validity + .get(CertificateValidity.NOT_AFTER)); } catch (Exception e) { CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { return "false"; } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_RANGE), - getConfig(CONFIG_BYPASS_CA_NOTAFTER) - }; + String params[] = { getConfig(CONFIG_RANGE), + getConfig(CONFIG_BYPASS_CA_NOTAFTER) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("CAValidityDefault: populate " + e.toString()); } 
@@ -319,32 +303,33 @@ public class CAValidityDefault extends EnrollDefault { startTimeStr = "60"; } int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = new CertificateValidity(notBefore, + notAfter); try { info.set(X509CertInfo.VALIDITY, validity); } catch (Exception e) { // failed to insert subject name CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java index 6dfb24c13..796c9760d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java 
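Review bot: In hunk `@@ -319,32 +303,33 @@`, `Integer.parseInt(startTimeStr)` in `populate` sits outside any try block, so a non-numeric start-time setting surfaces as an unchecked NumberFormatException instead of the `EProfileException` used for a bad range a few lines further down. This includes a pattern that `mapPattern` failed to expand, which the previous hunk only logs. `1000 * startTime` is also computed in int arithmetic and wraps once the offset exceeds about 2.1 million seconds, which would place notBefore in the past. Parsing as long inside a guarded block and multiplying by `1000L` covers both. `populate` begins outside this hunk.

```java
// … unchanged: startTimeStr lookup, mapPattern and "60" fallback …
long startTime;
try {
    startTime = Long.parseLong(startTimeStr);
} catch (NumberFormatException e) {
    CMS.debug("CAValidityDefault: populate " + e.toString());
    throw new EProfileException(CMS.getUserMessage(getLocale(request),
            "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
}
Date notBefore = new Date(CMS.getCurrentDate().getTime()
        + (1000L * startTime));
// … unchanged: range parsing and info.set(X509CertInfo.VALIDITY, …) …
```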
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,12 +44,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a CRL Distribution points extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a CRL + * Distribution points extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { @@ -84,32 +81,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
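Review bot: In `setConfig` (hunk `@@ -84,32 +81,30 @@`), the `catch (Exception e)` also catches the `EPropertyException` thrown just above it for an out-of-range count and rethrows a fresh one. Narrowing it to `catch (NumberFormatException e)` makes clear which failure is being translated and stops unrelated runtime errors from being reported as an invalid property. The same shape appears in `CertificatePoliciesExtDefault.setConfig` (hunk `@@ -122,33 +119,31 @@`). A short comment stating that the bound is exclusive would also help, e.g. `// accepted range is 0 .. MAX_NUM_POINTS - 1`.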
@@ -147,44 +142,36 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } - if (num >= MAX_NUM_POINTS) + if (num >= MAX_NUM_POINTS) num = DEF_NUM_POINTS; return num; } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", + 
return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { 
@@ -193,61 +180,56 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); + return new Descriptor(IDescriptor.STRING_LIST, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { CRLDistributionPointsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else 
if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if(ext == null) - { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); + + if (ext == null) { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -265,7 +247,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { String name1 = (String) names.nextElement(); if (name1.equals(REASONS)) { - addReasons(locale, cdp, REASONS, nvps.getValue(name1)); + addReasons(locale, cdp, REASONS, + nvps.getValue(name1)); } else if (name1.equals(POINT_TYPE)) { pointType = nvps.getValue(name1); } else if (name1.equals(POINT_NAME)) { @@ -285,7 +268,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); ext.setCritical(critical); 
@@ -295,51 +278,52 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + replaceExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, + info); } catch (EProfileException e) { - CMS.debug("CRLDistributionPointsExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("CRLDistributionPointsExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, + String type, String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (type.equals(RELATIVETOISSUER)) { cdp.setRelativeName(new RDN(value)); } else if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } catch 
(GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } - private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addIssuer(Locale locale, CRLDistributionPoint cdp, + String type, String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { @@ -349,20 +333,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } } - private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addReasons(Locale locale, CRLDistributionPoint cdp, + String type, String value) throws EPropertyException { if (value == null || value.length() == 0) return; if (type.equals(REASONS)) { 
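Review bot: In hunk `@@ -349,20 +333,20 @@`, `addIssuer` only logs `IOException` and `GeneralNamesException`. A malformed issuer name therefore leaves the distribution point without a CRL issuer, and the caller continues as if the value had been accepted. `addCRLPoint` in the previous hunk rethrows in the same situation. Both catch blocks here should do likewise with `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));` after the debug line. The method's signature and opening lines are in the previous hunk.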
@@ -375,56 +359,52 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { Reason r = Reason.fromString(s); if (r == null) { - CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", s)); + CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + + s); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", s)); } else { reasonBits |= r.getBitMask(); } } if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] {reasonBits} - ); + BitArray ba = new BitArray(8, new byte[] { reasonBits }); cdp.setReasons(ba); } } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { CRLDistributionPointsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) - 
getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), info); if (ext == null) { return null; @@ -434,10 +414,9 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (CRLDistributionPointsExtension) getExtension( + PKIXExtensions.CRLDistributionPoints_Id.toString(), info); if (ext == null) return ""; @@ -451,7 +430,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -461,11 +440,11 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -481,8 +460,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { return pairs; } - protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + protected NameValuePairs buildGeneralNames(GeneralNames gns, + CRLDistributionPoint p) throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); 
@@ -551,14 +530,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (reasons != null) { byte[] b = reasons.toByteArray(); Reason[] reasonArray = Reason.bitArrayToReasonArray(b); - + for (int i = 0; i < reasonArray.length; i++) { if (sb.length() > 0) sb.append(","); sb.append(reasonArray[i].getName()); } } - + return sb.toString(); } @@ -589,39 +568,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(locale); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, + info); } + /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, + info); } public CRLDistributionPointsExtension createExtension(IRequest request) { - CRLDistributionPointsExtension ext = null; + CRLDistributionPointsExtension ext = null; int num = 0; try { 
@@ -631,8 +610,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String reasons = getConfig(CONFIG_REASONS + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); @@ -640,11 +619,13 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (enable != null && enable.equals("true")) { if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, pointName); + addCRLPoint(getLocale(request), cdp, pointType, + pointName); if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, issuerName); + addIssuer(getLocale(request), cdp, issuerType, + issuerName); if (reasons != null) - addReasons(getLocale(request), cdp, REASONS, reasons); + addReasons(getLocale(request), cdp, REASONS, reasons); if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); @@ -655,8 +636,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + + e.toString()); CMS.debug(e); } @@ -697,8 +678,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + + e.toString()); CMS.debug(e); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index 14eec785e..f707c1529 100644 
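Review bot: In `createExtension(IRequest)` (hunk `@@ -640,11 +619,13 @@`), `ext` is only constructed under `if (i == 0)`, and that test appears to sit inside the `enable.equals("true")` block. A profile whose first point is disabled but a later one is enabled would then reach the alternative branch with `ext` still null. That branch lies outside the hunk, but if it dereferences `ext`, the exception lands in the `catch (Exception e)` shown in hunk `@@ -655,8 +636,8 @@`, which only logs it. The certificate would presumably then be issued without the configured CRL distribution points. Testing `if (ext == null) {` instead of `if (i == 0) {` removes the dependence on index 0.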
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -1,4 +1,3 @@ - // --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -18,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -49,10 +47,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * mappings extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificatePoliciesExtDefault extends EnrollExtDefault { 
@@ -122,33 +119,31 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_POLICY_NUM)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POLICIES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POLICIES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -166,67 +161,69 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int numQualifiers = getNumQualifiers(); addConfigName(CONFIG_POLICY_NUM); - + for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); - for (int j=0; j<numQualifiers; j++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); + for (int j = 0; j < numQualifiers; j++) { + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_CPSURI_VALUE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); } } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - 
"false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, + "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, + "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, + "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_NUM")); + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, + "CMS_PROFILE_POLICY_QUALIFIER_NUM")); } else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + 
"CMS_PROFILE_POLICY_USERNOTICE_REF_ORG")); } else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS")); } else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT")); } else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI")); } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, - "5", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); + return new Descriptor(IDescriptor.INTEGER, null, "5", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); } return null; } @@ -234,12 +231,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS")); } return null; 
@@ -253,126 +248,143 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int index = token.indexOf(":"); if (index <= 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", token)); + "CMS_INVALID_PROPERTY", token)); String name = token.substring(0, index); String val = ""; - if ((token.length()-1) > index) { - val = token.substring(index+1); + if ((token.length() - 1) > index) { + val = token.substring(index + 1); } table.put(name, val); - } - + } + return table; } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + ext = (CertificatePoliciesExtension) getExtension( + PKIXExtensions.CertificatePolicies_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - + ext.setCritical(val); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext = (CertificatePoliciesExtension) getExtension( + PKIXExtensions.CertificatePolicies_Id.toString(), info); + Hashtable h = buildRecords(value); - String numStr = (String)h.get(CONFIG_POLICY_NUM); + String numStr = (String) h.get(CONFIG_POLICY_NUM); int size = Integer.parseInt(numStr); Vector certificatePolicies = new Vector(); for (int i = 0; i < size; i++) { - String enable = 
(String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + String enable = (String) h.get(CONFIG_PREFIX + i + + SEPARATOR + CONFIG_POLICY_ENABLE); CertificatePolicyInfo cinfo = null; if (enable != null && enable.equals("true")) { - String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + String policyId = (String) h.get(CONFIG_PREFIX + i + + SEPARATOR + CONFIG_POLICY_ID); - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + if (policyId == null || policyId.length() == 0) + throw new EPropertyException( + CMS.getUserMessage(locale, + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String) h.get(CONFIG_PREFIX + i + + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); - for (int j=0; j<num; j++) { - String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); - if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + for (int j = 0; j < num; j++) { + String cpsuriEnable = (String) h.get(CONFIG_PREFIX + + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String) h + .get(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_PREFIX1 + j + SEPARATOR + + CONFIG_USERNOTICE_ENABLE); + if (cpsuriEnable != null + && cpsuriEnable.equals("true")) { + String cpsuri = (String) 
h.get(CONFIG_PREFIX + + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && enable.equals("true")) { - String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null + && enable.equals("true")) { + String org = (String) h.get(CONFIG_PREFIX + i + + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_ORG); + String noticenumbers = (String) h + .get(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_PREFIX1 + j + + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String) h + .get(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_PREFIX1 + j + + SEPARATOR + + CONFIG_USERNOTICE_TEXT); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice( + org, noticenumbers, explicitText); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } } if (policyQualifiers.size() <= 0) { - cinfo = - new CertificatePolicyInfo(cpolicyId); + cinfo = new CertificatePolicyInfo(cpolicyId); } else { - cinfo = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + cinfo = new CertificatePolicyInfo(cpolicyId, + policyQualifiers); } if (cinfo != null) - certificatePolicies.addElement(cinfo); + certificatePolicies.addElement(cinfo); } } ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies); } else { - throw new 
EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + ext = (CertificatePoliciesExtension) getExtension( + PKIXExtensions.CertificatePolicies_Id.toString(), info); if (ext == null) { return null; 
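Review bot: In setValue's qualifier loop the user-notice branch tests the wrong variable: `} else if (usernoticeEnable != null && enable.equals("true")) {` sits inside the block already guarded by `enable.equals("true")`, so the second operand is always true. createUserNotice is therefore called whenever the usernotice enable key is present, even when its value is "false". createExtension, later in this file, checks `usernoticeEnable.equals("true")`, and this branch should match it: `} else if (usernoticeEnable != null && usernoticeEnable.equals("true")) {`. The resulting qualifiers are stored in the CertificatePolicies extension through `ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies)`, so the mismatch changes what goes into the certificate template, not just what is displayed.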
@@ -382,10 +394,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext = (CertificatePoliciesExtension) getExtension( + PKIXExtensions.CertificatePolicies_Id.toString(), info); if (ext == null) return ""; @@ -399,7 +410,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("\n"); Vector infos = null; try { - infos = (Vector)(ext.get(CertificatePoliciesExtension.INFOS)); + infos = (Vector) (ext.get(CertificatePoliciesExtension.INFOS)); } catch (IOException ee) { } Enumeration policies = ext.getElements(); 
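Review bot: The empty `catch (IOException ee) { }` around `ext.get(CertificatePoliciesExtension.INFOS)` leaves `infos` null when the read fails, and the next hunk calls `infos.size()` with no null check. A failure here would then surface as a NullPointerException rather than the EPropertyException that getValue declares. Report it the way the rest of the method does, e.g. `} catch (IOException ee) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); }`, or at least log it with `CMS.debug` and fall back to an empty Vector. getValue starts before and ends after this hunk, so the loop that consumes `infos` is only partly visible.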
@@ -409,70 +420,79 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { String policyId = ""; String policyEnable = "false"; PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = - (CertificatePolicyInfo) infos.elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); + if (infos.size() > 0) { + CertificatePolicyInfo cinfo = (CertificatePolicyInfo) infos + .elementAt(0); + + CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); policyId = id1.getIdentifier().toString(); policyEnable = "true"; qualifiers = cinfo.getPolicyQualifiers(); if (qualifiers != null) - qSize = qualifiers.size(); + qSize = qualifiers.size(); infos.removeElementAt(0); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); sb.append(":"); sb.append(policyEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); sb.append(":"); sb.append(policyId); sb.append("\n"); - + if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(DEF_NUM_QUALIFIERS); sb.append("\n"); } else { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(qSize); sb.append("\n"); } if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); 
sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(""); sb.append("\n"); } - for (int j=0; j<qSize; j++) { - netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); + for (int j = 0; j < qSize; j++) { + netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers + .getInfoAt(j); ObjectIdentifier oid = qinfo.getId(); Qualifier qualifier = qinfo.getQualifier(); - + String cpsuriEnable = "false"; String usernoticeEnable = "false"; String cpsuri = ""; 
@@ -480,18 +500,23 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { StringBuffer noticeNum = new StringBuffer(); String explicitText = ""; - if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { + if (oid.toString().equals( + netscape.security.x509.PolicyQualifierInfo.QT_CPS + .toString())) { cpsuriEnable = "true"; - CPSuri content = (CPSuri)qualifier; - cpsuri = content.getURI(); - } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { + CPSuri content = (CPSuri) qualifier; + cpsuri = content.getURI(); + } else if (oid + .toString() + .equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE + .toString())) { usernoticeEnable = "true"; - UserNotice content = (UserNotice)qualifier; + UserNotice content = (UserNotice) qualifier; NoticeReference ref = content.getNoticeReference(); if (ref != null) { org = ref.getOrganization().getText(); int[] nums = ref.getNumbers(); - for (int k=0; k<nums.length; k++) { + for (int k = 0; k < nums.length; k++) { if (k != 0) { noticeNum.append(","); noticeNum.append(nums[k]); 
@@ -504,27 +529,33 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { explicitText = displayText.getText(); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append(cpsuriEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(cpsuri); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append(usernoticeEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(explicitText); sb.append("\n"); @@ -532,8 +563,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } // end of for loop return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } 
@@ -551,7 +582,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(","); for (int i = 0; i < num; i++) { sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + + i); String enable = substore.getString(CONFIG_POLICY_ENABLE, ""); sb.append(POLICY_ID_ENABLE + ":"); sb.append(enable); 
@@ -560,34 +592,41 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(POLICY_ID + ":"); sb.append(policyId); sb.append(","); - String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":"); + String qualifiersNum = substore.getString( + CONFIG_POLICY_QUALIFIERS_NUM, ""); + sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); sb.append(qualifiersNum); sb.append(","); - for (int j=0; j<num1; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + for (int j = 0; j < num1; j++) { + IConfigStore substore1 = substore + .getSubStore(CONFIG_PREFIX1 + j); sb.append("{"); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); + String cpsuriEnable = substore1.getString( + CONFIG_CPSURI_ENABLE, ""); sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); sb.append(cpsuriEnable); sb.append(","); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":"); + String usernoticeEnable = substore1.getString( + CONFIG_USERNOTICE_ENABLE, ""); + sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); sb.append(usernoticeEnable); sb.append(","); String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); sb.append(USERNOTICE_REF_ORG + ":"); sb.append(org); sb.append(","); - String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, ""); + String refNums = substore1.getString( + CONFIG_USERNOTICE_NUMBERS, ""); sb.append(USERNOTICE_REF_NUMBERS + ":"); sb.append(refNums); sb.append(","); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, ""); + String explicitText = substore1.getString( + CONFIG_USERNOTICE_TEXT, ""); sb.append(USERNOTICE_EXPLICIT_TEXT + ":"); sb.append(explicitText); sb.append(","); - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); + String cpsuri = substore1 + .getString(CONFIG_CPSURI_VALUE, ""); sb.append(CPSURI + ":"); sb.append(cpsuri); 
sb.append("}"); @@ -595,9 +634,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("}"); } sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } catch (Exception e) { return ""; } 
@@ -607,127 +646,144 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificatePoliciesExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), ext, + info); } - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; + public CertificatePoliciesExtension createExtension() + throws EProfileException { + CertificatePoliciesExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector certificatePolicies = new Vector(); int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num); + CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + + num); IConfigStore config = getConfigStore(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + + i); String enable = substore.getString(CONFIG_POLICY_ENABLE); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + + i + " enable=" + enable); if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + + i + " 
policyId=" + policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j=0; j<qualifierNum; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); + for (int j = 0; j < qualifierNum; j++) { + IConfigStore substore1 = substore + .getSubStore(CONFIG_PREFIX1 + j); + String cpsuriEnable = substore1 + .getString(CONFIG_CPSURI_ENABLE); + String usernoticeEnable = substore1 + .getString(CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); + String cpsuri = substore1.getString( + CONFIG_CPSURI_VALUE, ""); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && - usernoticeEnable.equals("true")) { - - String org = substore1.getString(CONFIG_USERNOTICE_ORG); - String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null + && usernoticeEnable.equals("true")) { + + String org = substore1 + .getString(CONFIG_USERNOTICE_ORG); + String noticenumbers = substore1 + .getString(CONFIG_USERNOTICE_NUMBERS); + String explicitText = substore1 + .getString(CONFIG_USERNOTICE_TEXT); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice( + org, noticenumbers, explicitText); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } } - + CertificatePolicyInfo info = 
null; if (policyQualifiers.size() <= 0) { - info = - new CertificatePolicyInfo(cpolicyId); + info = new CertificatePolicyInfo(cpolicyId); } else { - info = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + info = new CertificatePolicyInfo(cpolicyId, + policyQualifiers); } - + if (info != null) - certificatePolicies.addElement(info); + certificatePolicies.addElement(info); } } - ext = new CertificatePoliciesExtension(critical, certificatePolicies); + ext = new CertificatePoliciesExtension(critical, + certificatePolicies); } catch (EPropertyException e) { throw new EProfileException(e.toString()); } catch (EProfileException e) { throw e; } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " + - e.toString()); + CMS.debug("CertificatePoliciesExtDefault: createExtension " + + e.toString()); } return ext; } - private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException { + private CertificatePolicyId getPolicyId(String policyId) + throws EPropertyException { if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = null; try { cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); + ObjectIdentifier.getObjectIdentifier(policyId)); return cpolicyId; } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); + throw new EPropertyException( + CMS.getUserMessage( + "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", + policyId)); } } - private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { - if (uri == null || uri.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - 
"CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); + private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) + throws EPropertyException { + if (uri == null || uri.length() == 0) + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); + + CPSuri cpsURI = new CPSuri(uri); + netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = new netscape.security.x509.PolicyQualifierInfo( + netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); - CPSuri cpsURI = new CPSuri(uri); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); - return policyQualifierInfo2; } - private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, - String noticeText, String noticeNums) throws EPropertyException { - - if ((organization == null || organization.length() == 0) && - (noticeNums == null || noticeNums.length() == 0) && - (noticeText == null || noticeText.length() == 0)) + private netscape.security.x509.PolicyQualifierInfo createUserNotice( + String organization, String noticeText, String noticeNums) + throws EPropertyException { + + if ((organization == null || organization.length() == 0) + && (noticeNums == null || noticeNums.length() == 0) + && (noticeText == null || noticeText.length() == 0)) return null; DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) - explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); + if (noticeText != null && noticeText.length() > 0) + explicitText = new DisplayText(DisplayText.tag_VisibleString, + noticeText); int nums[] = null; if (noticeNums != null && noticeNums.length() > 0) { 
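Review bot: The call `createUserNotice(org, noticenumbers, explicitText)` in createExtension does not match the parameter order of `createUserNotice(String organization, String noticeText, String noticeNums)` declared further down in this hunk. The notice-number string is bound to `noticeText` and becomes the explicit DisplayText, while the explicit text is bound to `noticeNums` and goes to the number handling that begins at `if (noticeNums != null && noticeNums.length() > 0)`. The same call appears in setValue in the earlier hunk of this file. Swap the last two arguments at both call sites, `createUserNotice(org, explicitText, noticenumbers)`, or reorder the parameters so the declaration matches its callers. createUserNotice's body continues past the end of this hunk, so how a non-numeric `noticeNums` is handled is not visible here.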
@@ -751,8 +807,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { DisplayText orgName = null; if (organization != null && organization.length() > 0) { - orgName = - new DisplayText(DisplayText.tag_VisibleString, organization); + orgName = new DisplayText(DisplayText.tag_VisibleString, + organization); } NoticeReference noticeReference = null; @@ -762,10 +818,11 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { UserNotice userNotice = null; if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice (noticeReference, explicitText); + userNotice = new UserNotice(noticeReference, explicitText); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); + netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = new netscape.security.x509.PolicyQualifierInfo( + netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, + userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java index f3b68594c..bd3e3f2ee 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java @@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificateVersionDefault extends EnrollExtDefault { 
@@ -54,71 +53,67 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", + return new Descriptor(IDescriptor.INTEGER, null, "3", CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); } else { return null; } } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } + "CMS_INVALID_PROPERTY", CONFIG_VERSION)); + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", + return new Descriptor(IDescriptor.INTEGER, null, "3", CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { if (value == null || value.equals("")) - throw new EPropertyException(name+" cannot be empty"); + 
throw new EPropertyException(name + " cannot be empty"); else { - int version = Integer.valueOf(value).intValue()-1; - + int version = Integer.valueOf(value).intValue() - 1; + if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V1)); else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V2)); else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("CertificateVersionDefault: setValue " + e.toString()); 
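Review bot: In setValue the chain `if (version == CertificateVersion.V1) … else if (version == CertificateVersion.V3) …` has no final else, so a value outside the three supported versions leaves `info` untouched and returns without error. populate in this file rejects the same case with CMS_INVALID_PROPERTY. Add the matching branch: `else throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. `Integer.valueOf(value)` can also throw NumberFormatException on non-numeric input; the visible catch handles only IOException and the rest of the catch list lies outside the hunk, so confirm that case is covered.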
@@ -127,67 +122,65 @@ public class CertificateVersionDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { CertificateVersion v = null; - try { - v = (CertificateVersion)info.get( - X509CertInfo.VERSION); + try { + v = (CertificateVersion) info.get(X509CertInfo.VERSION); } catch (Exception e) { } if (v == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); int version = v.compare(0); - - return ""+(version+1); + + return "" + (version + 1); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_VERSION) - }; + String params[] = { getConfig(CONFIG_VERSION) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", + params); } /** * Populates the request with this policy default. 
*/ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue()-1; - + int version = Integer.valueOf(v).intValue() - 1; + try { if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V1)); else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V2)); else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); else { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); + getLocale(request), "CMS_INVALID_PROPERTY", + CONFIG_VERSION)); } } catch (IOException e) { } catch (CertificateException e) { - } + } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java index b5afc1c79..8538266bc 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -60,13 +60,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements an enrollment default policy. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { +public abstract class EnrollDefault implements IPolicyDefault, + ICertInfoPolicyDefault { public static final String PROP_NAME = "name"; 
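Review bot: The two empty handlers that close `populate`, `catch (IOException e) { }` and `catch (CertificateException e) { }`, discard any failure of `info.set(X509CertInfo.VERSION, ...)`, so the caller gets a normal return with the version possibly unset and nothing in the debug log. Each handler should log, e.g. `CMS.debug("CertificateVersionDefault: populate " + e.toString());`, and then `throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));`, as the `else` branch above them already does. The empty `catch (Exception e) { }` in `getValue` likewise loses the cause before the `v == null` check reports a generic invalid-property error. `Integer.valueOf(v)` at the top of `populate` is also unguarded if no version is configured.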
@@ -98,8 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe mConfigNames.addElement(name); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } /** * Retrieves the localizable description of this policy. - * + * * @param locale locale of the end user * @return localized description of this default policy */ public abstract String getText(Locale locale); - public IConfigStore getConfigStore() { return mConfig; } 
@@ -147,60 +145,54 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Populates attributes into the certificate template. - * + * * @param request enrollment request * @param info certificate template - * @exception EProfileException failed to populate attributes - * into request + * @exception EProfileException failed to populate attributes into request */ public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; + throws EProfileException; /** * Sets values from the approval page into certificate template. - * + * * @param name name of the attribute * @param locale user locale * @param info certificate template * @param value attribute value - * @exception EProfileException failed to set attributes - * into request + * @exception EProfileException failed to set attributes into request */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException; + public abstract void setValue(String name, Locale locale, + X509CertInfo info, String value) throws EPropertyException; /** - * Retrieves certificate template values and returns them to - * the approval page. - * + * Retrieves certificate template values and returns them to the approval + * page. + * * @param name name of the attribute * @param locale user locale * @param info certificate template - * @exception EProfileException failed to get attributes - * from request + * @exception EProfileException failed to get attributes from request */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException; + public abstract String getValue(String name, Locale locale, + X509CertInfo info) throws EPropertyException; /** * Populates the request with this policy default. - * - * The current implementation extracts enrollment specific attributes - * and calls the populate() method of the subclass. 
- * + * + * The current implementation extracts enrollment specific attributes and + * calls the populate() method of the subclass. + * * @param request request to be populated * @exception EProfileException failed to populate */ - public void populate(IRequest request) - throws EProfileException { + public void populate(IRequest request) throws EProfileException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": populate start"); - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); populate(request, info); @@ -222,21 +214,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Sets the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the setValue() method of the subclass. - * + * + * The current implementation extracts enrollment specific attributes and + * calls the setValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @param value value to be set in the given request * @exception EPropertyException failed to set property */ - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + public void setValue(String name, Locale locale, IRequest request, + String value) throws EPropertyException { + X509CertInfo info = request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); setValue(name, locale, info, value); 
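Review bot: The Javadoc on the abstract `setValue(String, Locale, X509CertInfo, String)` and `getValue(String, Locale, X509CertInfo)` names `@exception EProfileException`, but both methods declare `throws EPropertyException`, so the documented contract does not match the signature that subclasses implement. The tags should read `@exception EPropertyException failed to set attributes into request` and `@exception EPropertyException failed to get attributes from request`. `getValue` also has no `@return` tag; `@return attribute value for the approval page` would complete it.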
@@ -244,21 +235,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } /** - * Retrieves the value of the given value - * property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the getValue() method of the subclass. - * + * Retrieves the value of the given value property by name. + * + * The current implementation extracts enrollment specific attributes and + * calls the getValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @exception EPropertyException failed to get property */ public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + throws EPropertyException { + X509CertInfo info = request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); String value = getValue(name, locale, info); request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); @@ -279,16 +269,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); + mConfigNames.removeAllElements(); + mValueNames.removeAllElements(); } protected void deleteExtension(String name, X509CertInfo info) { CertificateExtensions exts = null; try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); if (exts == null) return; Enumeration e = exts.getNames(); 
@@ -310,8 +299,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe CertificateExtensions exts = null; try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollDefault: getExtension " + e.toString()); } @@ -336,23 +324,24 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { if (ext == null) { throw new EProfileException("extension not found"); } CertificateExtensions exts = null; - Extension alreadyPresentExtension = getExtension(name,info); + Extension alreadyPresentExtension = getExtension(name, info); if (alreadyPresentExtension != null) { String eName = ext.toString(); - CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName); - throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName)); + CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + + eName); + throw new EProfileException(CMS.getUserMessage( + "CMS_PROFILE_DUPLICATE_EXTENSION", eName)); } try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollDefault: " + e.toString()); } @@ -366,8 +355,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } } - protected void replaceExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + protected void replaceExtension(String name, Extension ext, + X509CertInfo info) throws EProfileException { deleteExtension(name, info); addExtension(name, ext, info); } 
@@ -392,65 +381,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return getInt(getConfig(value)); } - protected boolean isGeneralNameValid(String name) - { + protected boolean isGeneralNameValid(String name) { if (name == null) - return false; + return false; int pos = name.indexOf(':'); if (pos == -1) - return false; + return false; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); if (nameValue.equals("")) - return false; + return false; return true; } protected GeneralNameInterface parseGeneralName(String name) - throws IOException { + throws IOException { int pos = name.indexOf(':'); if (pos == -1) - return null; + return null; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); return parseGeneralName(nameType, nameValue); } - protected boolean isGeneralNameType(String nameType) - { + protected boolean isGeneralNameType(String nameType) { if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DNSName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("x400")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DirectoryName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("URIName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("IPAddress")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OIDName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OtherName")) { - return true; + return true; } return false; } - protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) - throws IOException - { + protected GeneralNameInterface parseGeneralName(String nameType, + String nameValue) throws IOException { if (nameType.equalsIgnoreCase("RFC822Name")) { return new 
RFC822Name(nameValue); } @@ -458,7 +444,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return new DNSName(nameValue); } if (nameType.equalsIgnoreCase("x400")) { - // XXX + // XXX } if (nameType.equalsIgnoreCase("DirectoryName")) { return new X500Name(nameValue); 
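Review bot: `isGeneralNameValid` assigns `nameType` but never reads it, so any `prefix:value` string with a non-empty value is reported as valid even when the prefix is not a type that `isGeneralNameType` and `parseGeneralName` recognise. If the method is meant to gate input before parsing, add `if (!isGeneralNameType(nameType)) return false;` ahead of the empty-value check; otherwise drop the unused local and document that only the shape is checked. Separately, the type checks here use `equalsIgnoreCase`, while the `OtherName` branch further down in `parseGeneralName(String, String)` uses `nameType.equals("OtherName")`, so `othername:` passes `isGeneralNameType` and then parses to `null`. The body of `parseGeneralName(String, String)` continues outside this hunk.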
@@ -476,153 +462,158 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe StringTokenizer st = new StringTokenizer(nameValue, "/"); String addr = st.nextToken(); String netmask = st.nextToken(); - CMS.debug("addr:" + addr +" netmask: "+netmask); + CMS.debug("addr:" + addr + " netmask: " + netmask); return new IPAddressName(addr, netmask); - } else { + } else { return new IPAddressName(nameValue); - } + } } if (nameType.equalsIgnoreCase("OIDName")) { try { - // check if OID - ObjectIdentifier oid = new ObjectIdentifier(nameValue); + // check if OID + ObjectIdentifier oid = new ObjectIdentifier(nameValue); } catch (Exception e) { - return null; + return null; } return new OIDName(nameValue); - } + } if (nameType.equals("OtherName")) { if (nameValue == null || nameValue.length() == 0) nameValue = " "; if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); - } else { - return null; - } + // format: OtherName: (PrintableString)oid,value + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), + DerValue.tag_PrintableString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(KerberosName)")) { // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = 
nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector strings = new Vector(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf('|'); + int pos2 = nameValue.lastIndexOf('|'); + String realm = nameValue.substring(pos0 + 1, pos1).trim(); + String name_type = nameValue.substring(pos1 + 1, pos2).trim(); + String name_strings = nameValue.substring(pos2 + 1).trim(); + Vector strings = new Vector(); + StringTokenizer st = new StringTokenizer(name_strings, ","); + while (st.hasMoreTokens()) { + strings.addElement(st.nextToken()); + } + KerberosName name = new KerberosName(realm, + Integer.parseInt(name_type), strings); + // krb5 OBJECT IDENTIFIER ::= { iso (1) + // org (3) + // dod (6) + // internet (1) + // security (5) + // kerberosv5 (2) } + // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } + return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, + name.toByteArray()); } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = 
nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), + DerValue.tag_IA5String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), + DerValue.tag_UTF8String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), + DerValue.tag_BMPString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(Any)")) { - int pos0 = 
nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + CMS.debug("OID: " + on_oid + " Value:" + on_value); + return new OtherName(new ObjectIdentifier(on_oid), + getBytes(on_value)); + } else { + CMS.debug("Invalid OID " + on_oid); + return null; + } } else { - return null; + return null; } } return null; } -/** - * Converts string containing pairs of characters in the range of '0' - * to '9', 'a' to 'f' to an array of bytes such that each pair of - * characters in the string represents an individual byte - */ + /** + * Converts string containing pairs of characters in the range of '0' to + * '9', 'a' to 'f' to an array of bytes such that each pair of characters in + * the string represents an individual byte + */ public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[ (stringLength / 2) ]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte)Integer.parseInt(nextByte, 0x10); - } - return bytes; + if (string == null) + return null; + int stringLength = string.length(); + if ((stringLength == 0) || ((stringLength % 2) != 0)) + return null; + byte[] bytes = new byte[(stringLength / 2)]; + for (int i = 0, b = 0; i 
< stringLength; i += 2, ++b) { + String nextByte = string.substring(i, (i + 2)); + bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); + } + return bytes; } /** - * Check if a object identifier in string form is valid, - * that is a string in the form n.n.n.n and der encode and decode-able. + * Check if a object identifier in string form is valid, that is a string in + * the form n.n.n.n and der encode and decode-able. + * * @param oid object identifier string. * @return true if the oid is valid */ - public boolean isValidOID(String oid) - { - ObjectIdentifier v = null; + public boolean isValidOID(String oid) { + ObjectIdentifier v = null; try { v = ObjectIdentifier.getObjectIdentifier(oid); } catch (Exception e) { - return false; + return false; } if (v == null) - return false; + return false; // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. @@ -632,7 +623,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe derOut.putOID(v); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - return false; + return false; } return true; } @@ -658,7 +649,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe sb.append("\r\n"); } sb.append("\r\n"); - + } return sb.toString(); } @@ -678,7 +669,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe v.addElement(nvps); try { token = (String) st.nextToken(); - } catch (NoSuchElementException e) { + } catch (NoSuchElementException e) { v.removeElementAt(num); CMS.debug(e.toString()); return v; @@ -688,7 +679,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe if (nvps == null) throw new EPropertyException("Bad Input Format"); - + int pos = token.indexOf(":"); if (pos <= 0) { 
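Review bot: The `(KerberosName)` branch of `parseGeneralName` is the only `OtherName` form that does not check its separator positions. With no `|` in the value, or only one, `nameValue.substring(pos0 + 1, pos1)` or `substring(pos1 + 1, pos2)` throws `StringIndexOutOfBoundsException`, and a non-numeric type makes `Integer.parseInt(name_type)` throw `NumberFormatException`; neither is the declared `IOException`. Following the sibling branches, guard it with `if (pos1 == -1 || pos2 == pos1) return null;` and return `null` (or throw `IOException`) when the name type is not an integer. `getBytes` has the same gap for the `(Any)` form: `Integer.parseInt(nextByte, 0x10)` throws on a non-hex pair instead of returning `null` as the length checks above it do. The method starts before this hunk.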
@@ -706,8 +697,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return v; } - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { + protected String getGeneralNameType(GeneralName gn) + throws EPropertyException { int type = gn.getType(); if (type == GeneralNameInterface.NAME_RFC822) @@ -730,7 +721,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe throw new EPropertyException("Unsupported type: " + type); } - protected String getGeneralNameValue(GeneralName gn) throws EPropertyException { + protected String getGeneralNameValue(GeneralName gn) + throws EPropertyException { String s = gn.toString(); int type = gn.getType(); @@ -740,7 +732,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe int pos = s.indexOf(":"); if (pos <= 0) - throw new EPropertyException("Badly formatted general name: " + s); + throw new EPropertyException("Badly formatted general name: " + + s); else { return s.substring(pos + 1).trim(); } @@ -753,8 +746,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe if (request == null) return null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); + String language = request + .getExtDataInString(EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } 
@@ -762,17 +755,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public String toGeneralNameString(GeneralName gn) { - int type = gn.getType(); + int type = gn.getType(); // Sun's General Name is not consistent, so we need // to do a special case for directory string if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); + return "DirectoryName: " + gn.toString(); } return gn.toString(); } protected String mapPattern(IRequest request, String pattern) - throws IOException { + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { 
@@ -781,30 +774,34 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return p.substitute2("request", attrSet); } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); - if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || - nextC == '<' || nextC == '>' || nextC == '#' || - nextC == ';' || nextC == '\r' || nextC == '\n' || - nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>' + || c == '#' || c == ';' || c == '\r' || c == '\n' + || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); + if ((c == 0x5c) + && (nextC == ',' || nextC == '=' || nextC == '+' + || nextC == '<' || nextC == '>' + || nextC == '#' || nextC == ';' + || nextC == '\r' || nextC == '\n' + || nextC == '\\' || nextC == '"')) { + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { @@ -812,10 +809,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } - + } 
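Review bot: `escapeValueRfc1779` has no comment stating its one non-obvious rule: a backslash already followed by a special character is treated as an existing escape and passed through, with an extra backslash only when `doubleEscape` is set. That rule matters if the value originates from request data. A short Javadoc should state it, say what `doubleEscape` does, and note that LF is emitted as `0A` after the backslash (CR presumably likewise; that line falls between this hunk and the next). The inner `(c == 0x5c) &&` in the nested condition repeats the enclosing test and can be dropped, and writing `'\\'` instead of `0x5c` would match the character list above it. The method's closing lines are in the following hunk.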
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java index 7cf2a3596..acdf98b42 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java @@ -17,14 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - - - /** - * This class implements an enrollment extension - * default policy that extension into the certificate - * template. - * + * This class implements an enrollment extension default policy that extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public abstract class EnrollExtDefault extends EnrollDefault { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java index 62d21cc8c..141718cde 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Extended Key Usage extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Extended + * Key Usage extension into the certificate template. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { 
@@ -60,18 +57,16 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); } return null; @@ -79,8 +74,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_OIDS)) { return new Descriptor(IDescriptor.STRING_LIST, null, null, 
@@ -90,93 +84,87 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { ExtendedKeyUsageExtension ext = null; + ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - } - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + } + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); + ext.setCritical(val); } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - // ext.deleteAllOIDs(); + ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); + // ext.deleteAllOIDs(); StringTokenizer st = new StringTokenizer(value, ","); - if(ext == null) { + if (ext == null) { return; } while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + 
ext.addOID(new ObjectIdentifier(oid)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } try { replaceExtension(ExtendedKeyUsageExtension.OID, ext, info); } catch (EProfileException e) { CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - + ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); if (ext == null) { return null; 
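Review bot: In `setValue`, the `VAL_OIDS` branch only calls `ext.addOID(...)` while `// ext.deleteAllOIDs();` stays commented out, so a submitted list is added on top of whatever `populate(null, info)` or an earlier call already put into the extension. If that is the run-time behaviour, an approver editing the list cannot remove a key purpose, which matters because the Extended Key Usage set is what limits how the certified key may be used. I would either clear the existing OIDs before the loop or document the property as append-only, and trim each token before `new ObjectIdentifier(oid)` so a list written with blanks after the commas is not handed to the parser as-is. The `name == null` check also runs after the `populate` call and would read better as the first statement of the method. The hunk ends inside `getValue`, so the rest of that method is not covered here.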
@@ -187,58 +175,54 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + ext = (ExtendedKeyUsageExtension) getExtension( + ExtendedKeyUsageExtension.OID, info); StringBuffer sb = new StringBuffer(); - if(ext == null) { + if (ext == null) { return ""; } Enumeration e = ext.getOIDs(); while (e.hasMoreElements()) { - ObjectIdentifier oid = (ObjectIdentifier) - e.nextElement(); + ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); if (!sb.toString().equals("")) { sb.append(","); - } + } sb.append(oid.toString()); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OIDS) - }; + String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", + params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { ExtendedKeyUsageExtension ext = createExtension(); addExtension(ExtendedKeyUsageExtension.OID, ext, info); } public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; + ExtendedKeyUsageExtension ext = null; try { ext = new ExtendedKeyUsageExtension(); } catch (Exception e) { - CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + - e.toString()); + CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + + e.toString()); } if (ext == null) return null; 
@@ -250,7 +234,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java index 7b9bcd525..a2de8447d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Freshest CRL extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates Freshest + * CRL extension into the certificate template. + * * @version $Revision$, $Date$ */ public class FreshestCRLExtDefault extends EnrollExtDefault { @@ -61,8 +58,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = - "freshestCRLPointsValue"; + public static final String VAL_CRL_DISTRIBUTION_POINTS = "freshestCRLPointsValue"; private static final String POINT_TYPE = "Point Type"; private static final String POINT_NAME = "Point Name"; 
@@ -78,12 +74,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - protected int getNumPoints() { int num = DEF_NUM_POINTS; String val = getConfig(CONFIG_NUM_POINTS); @@ -102,34 +97,32 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list super.refreshConfigAndValueNames(); addValueName(VAL_CRITICAL); 
@@ -149,88 +142,76 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new 
Descriptor(IDescriptor.BOOLEAN, null, - "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); + return new Descriptor(IDescriptor.STRING_LIST, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { FreshestCRLExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, + info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + ext = (FreshestCRLExtension) getExtension( + FreshestCRLExtension.OID, info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (FreshestCRLExtension) getExtension( + FreshestCRLExtension.OID, info); Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; 
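Review bot: `setValue` dereferences `ext` without a null check in both branches (`ext.setCritical(val)` under `VAL_CRITICAL`, `ext.isCritical()` under `VAL_CRL_DISTRIBUTION_POINTS`), although the preceding `populate(locale, info)` is not guaranteed to add the extension: the private `populate` in a later hunk tests the result of `createExtension(locale)` for null and presumably returns. The surrounding `try` catches only `EProfileException`, so the failure would surface as a NullPointerException rather than the declared `EPropertyException`. `ExtendedKeyUsageExtDefault.setValue` in this same commit guards the same spot, and the same line fits here after each `getExtension(FreshestCRLExtension.OID, info)` re-fetch: `if (ext == null) { return; }`. `setValue` continues past the end of this hunk.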
@@ -266,7 +247,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new FreshestCRLExtension(cdp); ext.setCritical(critical); 
@@ -276,100 +257,91 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), - ext, info); + replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), ext, + info); } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("FreshestCRLExtDefault: setValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, + String type, String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, 
"CMS_INVALID_PROPERTY", type)); + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } - private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addIssuer(Locale locale, CRLDistributionPoint cdp, + String type, String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString()); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { FreshestCRLExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - if(ext == null) - { + ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, + info); + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new 
EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, + info); if (ext == null) { return null; @@ -379,10 +351,9 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, + info); if (ext == null) return ""; @@ -395,7 +366,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -404,11 +375,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } recs.addElement(pairs); } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -423,8 +394,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { return pairs; } - protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + protected NameValuePairs buildGeneralNames(GeneralNames gns, + CRLDistributionPoint p) throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); 
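Review bot: `addIssuer` only logs `IOException` and `GeneralNamesException` through `CMS.debug`, whereas `addCRLPoint` directly above it rethrows both as `EPropertyException`. An issuer name that fails to parse is therefore dropped silently and the distribution point is still added without a CRL issuer, so the caller cannot tell that the certificate template differs from what was configured or submitted. Adding `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));` after each `CMS.debug` call in `addIssuer` would make the two helpers agree. The `catch (Exception e)` blocks in the two `createExtension` hunks further down have the same log-and-continue shape and return a possibly incomplete extension. This hunk ends inside `getValue`.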
@@ -495,17 +466,15 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(request); if (ext == null) @@ -519,30 +488,31 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); + ext.setCritical(critical); num = getNumPoints(); for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); String issuerName = getConfig(CONFIG_ISSUER_NAME + i); if (enable != null && enable.equals("true")) { if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, pointName); + addCRLPoint(getLocale(request), cdp, pointType, + pointName); if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, issuerName); + addIssuer(getLocale(request), cdp, issuerType, + issuerName); - ext.addPoint(cdp); + ext.addPoint(cdp); } } } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString()); } return ext; 
@@ -552,7 +522,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(locale); if (ext == null) @@ -588,8 +558,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java index 4051f31a4..eb18d5ea1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.util.DerOutputStream; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class GenericExtDefault extends EnrollExtDefault { 
@@ -62,22 +59,19 @@ public class GenericExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else if (name.equals(CONFIG_DATA)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); } else { return null; 
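Review bot: `getConfigDescriptor` gives `CONFIG_OID` the default `"Comment Here..."`, which looks copied from the `CONFIG_DATA` entry below it and is not an object identifier. `setValue` and `getValue` pass `getConfig(CONFIG_OID)` straight to `new ObjectIdentifier(...)`, so if this default ever reaches the stored configuration the parse would presumably fail. A `null` default, as the OID descriptor in `ExtendedKeyUsageExtDefault` uses, avoids offering an invalid value: `return new Descriptor(IDescriptor.STRING, null, null,`. The class Javadoc in the preceding hunk still says "Netscape comment extension", which also looks inherited from another class and should describe a generic extension identified by the configured OID.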
@@ -86,57 +80,51 @@ public class GenericExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DATA)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - ext = (Extension) - getExtension(oid.toString(), info); + ext = (Extension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (Extension) - getExtension(oid.toString(), info); - if (ext == null) { + ext = (Extension) getExtension(oid.toString(), info); + if (ext == null) { return; } boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_DATA)) { - ext = (Extension) - getExtension(oid.toString(), info); - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_DATA)) { + ext = (Extension) getExtension(oid.toString(), info); + if (ext == null) { return; } byte data[] = getBytes(value); - ext.setExtensionValue(data); + ext.setExtensionValue(data); } else { - throw new 
EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); @@ -145,37 +133,33 @@ public class GenericExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - ext = (Extension) - getExtension(oid.toString(), info); + ext = (Extension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (Extension) - getExtension(oid.toString(), info); + ext = (Extension) getExtension(oid.toString(), info); if (ext == null) { return null; @@ -185,10 +169,9 @@ public class GenericExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DATA)) { + } else if (name.equals(VAL_DATA)) { - ext = (Extension) - getExtension(oid.toString(), info); + ext = (Extension) getExtension(oid.toString(), info); if (ext == null) return ""; 
@@ -197,31 +180,29 @@ public class GenericExtDefault extends EnrollExtDefault { if (data == null) return ""; - + return toStr(data); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OID), - getConfig(CONFIG_DATA) - }; + String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID), + getConfig(CONFIG_DATA) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params); + return CMS + .getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params); } public String toStr(byte data[]) { StringBuffer b = new StringBuffer(); for (int i = 0; i < data.length; i++) { - if ((data[i] & 0xff) < 16) { - b.append("0"); - } - b.append(Integer.toString((int)(data[i] & 0xff), 0x10)); + if ((data[i] & 0xff) < 16) { + b.append("0"); + } + b.append(Integer.toString((int) (data[i] & 0xff), 0x10)); } return b.toString(); } @@ -230,14 +211,14 @@ public class GenericExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { Extension ext = createExtension(request); addExtension(ext.getExtensionId().toString(), ext, info); } public Extension createExtension(IRequest request) { - Extension ext = null; + Extension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); 
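Review bot: `populate` calls `ext.getExtensionId()` on the result of `createExtension(request)` without checking it, while `createExtension` starts from `Extension ext = null` and, per the next hunk, only logs when building the extension throws. A bad `CONFIG_OID` or `CONFIG_DATA` value would then surface as a NullPointerException from `populate`, and from the `populate(null, info)` calls in `setValue` and `getValue`, instead of the declared `EProfileException`. I would add `if (ext == null) { throw new EProfileException("GenericExtDefault: cannot create extension"); }` before the `addExtension` call. `createExtension` continues beyond this hunk.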
@@ -250,13 +231,12 @@ public class GenericExtDefault extends EnrollExtDefault { data = getBytes(mapPattern(request, getConfig(CONFIG_DATA))); } - DerOutputStream out = new DerOutputStream(); + DerOutputStream out = new DerOutputStream(); out.putOctetString(data); ext = new Extension(oid, critical, out.toByteArray()); } catch (Exception e) { - CMS.debug("GenericExtDefault: createExtension " + - e.toString()); + CMS.debug("GenericExtDefault: createExtension " + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java index 5bb8abd49..f2863b4d5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that shows an image in the approval page. - * + * This class implements an enrollment default policy that shows an image in the + * approval page. + * * @version $Revision$, $Date$ */ public class ImageDefault extends EnrollDefault { @@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -67,41 +65,39 @@ public class ImageDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_IMAGE_URL)) { return request.getExtDataInString(INPUT_IMAGE_URL); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" ); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE"); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java index c6bbc7f78..4aee226ce 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java 
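Review bot: `getValue(String, Locale, IRequest)` returns `request.getExtDataInString(INPUT_IMAGE_URL)` unchanged, and the class comment says the value is shown as an image on the approval page. If that field is filled from the enrollment request, the approving agent's browser loads a location chosen by the requester, so the value deserves validation before it is returned, for example accepting only absolute `http`/`https` URLs and returning `null` otherwise. How the page escapes the value is not visible here, so the template should be checked for attribute escaping as well. A comment on the method stating where `INPUT_IMAGE_URL` comes from and who is trusted to set it would make the assumption explicit.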
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.math.BigInteger; import java.util.Locale; @@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an inhibit Any-Policy extension - * + * * @version $Revision$, $Date$ */ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { @@ -61,31 +59,30 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (name.equals(CONFIG_SKIP_CERTS)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); + } } super.setConfig(name, value); } 
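Review bot: `setConfig` in the third hunk on this line (InhibitAnyPolicyExtDefault) validates CONFIG_SKIP_CERTS with `Integer.parseInt(value)` alone, which accepts negative numbers, while RFC 5280 defines the skipCerts value of the inhibitAnyPolicy extension as a non-negative integer. I would reject those at configuration time with `if (Integer.parseInt(value) < 0) throw new NumberFormatException(value);` inside the existing try, and narrow `catch (Exception e)` to `NumberFormatException`. The `new BigInteger(value)` parse in setValue (hunk `@@ -150,48 +146,44 @@`) has the same gap. Separately, `getConfigDescriptor` matches this key with `name.startsWith(CONFIG_SKIP_CERTS)` where the other branch uses `equals`, which looks unintended.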
@@ -93,36 +90,35 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { InhibitAnyPolicyExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); - if(ext == null) { - populate(null,info); - } + if (ext == null) { + populate(null, info); + } if (name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted 
@@ -132,8 +128,8 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted 
@@ -150,48 +146,44 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { BigInteger l = new BigInteger(value); num = new BigInt(l); } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = new InhibitAnyPolicyExtension(critical, - num); + ext = new InhibitAnyPolicyExtension(critical, num); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); } catch (EProfileException e) { CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - InhibitAnyPolicyExtension ext = - (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + InhibitAnyPolicyExtension ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if 
(name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; @@ -202,39 +194,38 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) getExtension( + InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; } BigInt n = ext.getSkipCerts(); - return ""+n.toInt(); + return "" + n.toInt(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); + } } /* - * returns text that goes into description for this extension on - * a profile + * returns text that goes into description for this extension on a profile */ public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); + StringBuffer sb = new StringBuffer(); sb.append(SKIP_CERTS + ":"); sb.append(getConfig(CONFIG_SKIP_CERTS)); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; ext = createExtension(request); 
@@ -242,11 +233,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public InhibitAnyPolicyExtension createExtension(IRequest request) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) + .booleanValue(); String str = getConfig(CONFIG_SKIP_CERTS); if (str == null || str.equals("")) { @@ -259,7 +250,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { val = new BigInt(b); } catch (NumberFormatException e) { throw new EProfileException( - CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); + CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); } try { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java index 8f8837ebd..ae3f382bf 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a issuer alternative name extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a issuer + * alternative name extension into the certificate template. + * * @version $Revision$, $Date$ */ public class IssuerAltNameExtDefault extends EnrollExtDefault { 
@@ -67,25 +64,24 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); + return new Descriptor( + IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "RFC822Name", CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); } else if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); } else { return null; } 
@@ -93,49 +89,44 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { IssuerAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - + if (name.equals(VAL_CRITICAL)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), + info); if (ext == null) { // it is ok, the extension is never 
populated or delted @@ -145,9 +136,9 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), + info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -155,7 +146,9 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } if (value.equals("")) { // if value is empty, do not add this extension - deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + deleteExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), + info); return; } GeneralNames gn = new GeneralNames(); 
@@ -166,58 +159,55 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); + PKIXExtensions.IssuerAlternativeName_Id.toString(), ext, + info); } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - IssuerAlternativeNameExtension ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + IssuerAlternativeNameExtension ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch 
(EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), + info); if (ext == null) { return null; @@ -228,16 +218,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if(ext == null) - { + ext = (IssuerAlternativeNameExtension) getExtension( + PKIXExtensions.IssuerAlternativeName_Id.toString(), + info); + if (ext == null) { return ""; } - GeneralNames names = (GeneralNames) - ext.get(IssuerAlternativeNameExtension.ISSUER_NAME); + GeneralNames names = (GeneralNames) ext + .get(IssuerAlternativeNameExtension.ISSUER_NAME); StringBuffer sb = new StringBuffer(); Enumeration e = names.elements(); 
@@ -246,36 +235,33 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { if (!sb.toString().equals("")) { sb.append("\r\n"); - } + } sb.append(toGeneralNameString(gn)); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: getValue " + - e.toString()); + CMS.debug("IssuerAltNameExtDefault: getValue " + e.toString()); } return null; } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_PATTERN), - getConfig(CONFIG_TYPE) - }; + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_PATTERN), getConfig(CONFIG_TYPE) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { IssuerAlternativeNameExtension ext = null; try { 
@@ -284,35 +270,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: populate " + e.toString()); } - addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), ext, + info); } - public IssuerAlternativeNameExtension createExtension(IRequest request) - throws IOException { - IssuerAlternativeNameExtension ext = null; + public IssuerAlternativeNameExtension createExtension(IRequest request) + throws IOException { + IssuerAlternativeNameExtension ext = null; try { ext = new IssuerAlternativeNameExtension(); } catch (Exception e) { CMS.debug(e.toString()); - throw new IOException( e.toString() ); + throw new IOException(e.toString()); } - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) + .booleanValue(); String pattern = getConfig(CONFIG_PATTERN); if (!pattern.equals("")) { - GeneralNames gn = new GeneralNames(); + GeneralNames gn = new GeneralNames(); String gname = ""; - if(request != null) { + if (request != null) { gname = mapPattern(request, pattern); } - gn.addElement(parseGeneralName( - getConfig(CONFIG_TYPE) + ":" + gname)); + gn.addElement(parseGeneralName(getConfig(CONFIG_TYPE) + ":" + gname)); ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java index c8ed92810..f3c0fc243 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; 
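Review bot: In IssuerAltNameExtDefault, `populate` logs the IOException from createExtension and then still calls `addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), ext, info)` with `ext` left at its initial null. A failed build is thus handed on as if it had succeeded; how addExtension treats a null is not visible here. Ending the catch with `throw new EProfileException(e.toString());` would stop that, and the method already declares that exception. In `createExtension`, `gn.addElement(parseGeneralName(...))` uses the result unchecked, although setValue (hunk `@@ -166,58 +159,55 @@`) guards the same call with `if (n != null)`, and `pattern.equals("")` would throw a NullPointerException if getConfig returns null for an unset pattern. Both methods extend beyond this hunk.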
@@ -34,25 +33,19 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Key Usage extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Key Usage + * extension into the certificate template. + * * @version $Revision$, $Date$ */ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; 
@@ -60,14 +53,10 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; public static final String VAL_CRITICAL = "keyUsageCritical"; - public static final String VAL_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String VAL_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String VAL_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String VAL_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + public static final String VAL_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; + public static final String VAL_NON_REPUDIATION = "keyUsageNonRepudiation"; + public static final String VAL_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; + public static final String VAL_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; 
@@ -100,50 +89,40 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if 
(name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } else { return null; 
@@ -152,203 +131,190 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(VAL_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(VAL_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(VAL_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if (name.equals(VAL_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - 
return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(VAL_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { KeyUsageExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } ext.setCritical(val); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = 
Boolean.valueOf(value); ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.NON_REPUDIATION, val); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_AGREEMENT, val); } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = 
Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_CERTSIGN, val); } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.CRL_SIGN, val); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) { + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); + if (ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DECIPHER_ONLY, val); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, 
"CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + KeyUsageExtension ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; 
@@ -359,122 +325,118 @@ public class KeyUsageExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.DIGITAL_SIGNATURE); return val.toString(); } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.NON_REPUDIATION); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.NON_REPUDIATION); return val.toString(); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.KEY_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.DATA_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) 
getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_AGREEMENT); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.KEY_AGREEMENT); return val.toString(); } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_CERTSIGN); + Boolean val = (Boolean) ext.get(KeyUsageExtension.KEY_CERTSIGN); return val.toString(); } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.CRL_SIGN); + Boolean val = (Boolean) ext.get(KeyUsageExtension.CRL_SIGN); return val.toString(); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.ENCIPHER_ONLY); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.ENCIPHER_ONLY); return val.toString(); } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) getExtension( + PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DECIPHER_ONLY); + Boolean val = (Boolean) ext + .get(KeyUsageExtension.DECIPHER_ONLY); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, 
"CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params); + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_DIGITAL_SIGNATURE), + getConfig(CONFIG_NON_REPUDIATION), + getConfig(CONFIG_KEY_ENCIPHERMENT), + getConfig(CONFIG_DATA_ENCIPHERMENT), + getConfig(CONFIG_KEY_AGREEMENT), + getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_ENCIPHER_ONLY), + getConfig(CONFIG_DECIPHER_ONLY) }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", + params); } @@ -482,14 +444,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { KeyUsageExtension ext = createKeyUsageExtension(); addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } public KeyUsageExtension createKeyUsageExtension() { - KeyUsageExtension ext = null; + KeyUsageExtension ext = null; boolean[] bits = new boolean[KeyUsageExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); 
@@ -506,8 +468,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault { try { ext = new KeyUsageExtension(critical, bits); } catch (Exception e) { - CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + - e.toString()); + CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java index 01e92d6a7..39f8e8c4b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * comment extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCCommentExtDefault extends EnrollExtDefault { 
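Review bot: In the `@@ -506,8` hunk, `createKeyUsageExtension()` catches `Exception`, writes only a debug line and returns `ext` as null, and `populate()` in the preceding hunk passes that result straight to `addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info)`. A profile whose key usage extension cannot be built should fail the request rather than carry on with a template that may lack the extension; `populate()` could check `if (ext == null) throw new EProfileException("Cannot create KeyUsage extension");` before adding it. The same pattern appears in `NSCCommentExtDefault.createExtension()` (hunk `@@ -241,8`) and `NSCertTypeExtDefault.createExtension()` (hunk `@@ -415,8`), and in the NSCComment case `populate()` dereferences `ext.getExtensionId()` directly. What `addExtension` does with a null argument is not visible here, and the middle of `createKeyUsageExtension()` lies between the two hunks.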
@@ -60,18 +57,16 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_COMMENT)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); } else { return null; 
@@ -80,66 +75,60 @@ public class NSCCommentExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_COMMENT)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = NSCCommentExtension.OID; - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_COMMENT)) { - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } boolean critical = ext.isCritical(); if (value == null || 
value.equals("")) ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); + // throw new EPropertyException(name+" cannot be empty"); else ext = new NSCCommentExtension(critical, value); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); @@ -150,37 +139,33 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = NSCCommentExtension.OID; - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); if (ext == null) { return null; 
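Review bot: In the `VAL_COMMENT` branch of `setValue` (hunk `@@ -80,66`), the brace-less `if`/`else` has the commented-out `throw` sitting between the `if` statement and its `else`, and the reformat indents it as if it were part of the branch. Both arms construct the same object, so the pair can be replaced by `ext = new NSCCommentExtension(critical, value == null ? "" : value);` and the dead comment dropped. The comment text is copied into the extension as supplied, so if the profile expects a length or character limit, nothing in this hunk enforces it. The method's `catch` clauses fall outside the hunk.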
@@ -190,10 +175,9 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_COMMENT)) { + } else if (name.equals(VAL_COMMENT)) { - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); + ext = (NSCCommentExtension) getExtension(oid.toString(), info); if (ext == null) return ""; @@ -202,35 +186,34 @@ public class NSCCommentExtDefault extends EnrollExtDefault { if (comment == null) comment = ""; - + return comment; } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_COMMENT) - }; + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_COMMENT) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", + params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCCommentExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; + NSCCommentExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -241,8 +224,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault { else ext = new NSCCommentExtension(critical, comment); } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + - e.toString()); + CMS.debug("NSCCommentExtension: createExtension " + e.toString()); } return ext; } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java index e3438ccf6..960fa0eb0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.security.cert.CertificateException; import java.util.Locale; @@ -33,12 +32,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Netscape Certificate Type extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Netscape + * Certificate Type extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtDefault extends EnrollExtDefault { 
@@ -83,42 +80,34 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, 
null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { return null; 
@@ -127,129 +116,119 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(VAL_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(VAL_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(VAL_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String 
value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { NSCertTypeExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return ; + if (ext == null) { + return; } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + ext.setCritical(val); + } else if (name.equals(VAL_SSL_CLIENT)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_SSL_SERVER)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) 
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_EMAIL)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_OBJECT_SIGNING)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_SSL_CA)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_EMAIL_CA)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); + if (ext == null) { + return; } Boolean val = 
Boolean.valueOf(value); @@ -257,7 +236,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { throw new EPropertyException("Invalid name " + name); } - replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); + replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, + info); } catch (CertificateException e) { CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); } catch (EProfileException e) { @@ -265,32 +245,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + NSCertTypeExtension ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; 
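Review bot: In the `@@ -257,7` hunk, `setValue` catches `CertificateException` and only calls `CMS.debug`, so a failed update of the Netscape certificate type bits returns normally and the caller cannot tell that the template was left unchanged. `KeyUsageExtDefault.setValue` rethrows its failures as `EPropertyException`; adding `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` after the debug line would make the two classes behave the same way. The `else` arm just above throws `new EPropertyException("Invalid name " + name)` rather than the localized message used by the other checks in this method. The body of the `EProfileException` handler lies outside the hunk, so it may need the same change.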
@@ -300,72 +278,74 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_CLIENT)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_SERVER)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); return val.toString(); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_EMAIL)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_OBJECT_SIGNING)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); + Boolean val = (Boolean) ext + .get(NSCertTypeExtension.OBJECT_SIGNING); return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_CA)) { + ext = 
(NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_EMAIL_CA)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + ext = (NSCertTypeExtension) getExtension( + NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA); + Boolean val = (Boolean) ext + .get(NSCertTypeExtension.OBJECT_SIGNING_CA); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (CertificateException e) { CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); 
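Review bot: The `CertificateException` handler that closes this hunk belongs to `getValue` but logs `"NSCertTypeExtDefault: setValue "`, which points anyone reading the debug log at the wrong method. It should read `CMS.debug("NSCertTypeExtDefault: getValue " + e.toString());`. The rest of the handler is outside the hunk, so whether the exception is rethrown or the method falls through to a default return cannot be confirmed from here.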
@@ -374,18 +354,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params); + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_OBJECT_SIGNING_CA) }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", + params); } @@ -393,14 +369,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCertTypeExtension ext = createExtension(); addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); } public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; + NSCertTypeExtension ext = null; boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -415,8 +391,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { try { ext = new NSCertTypeExtension(critical, bits); } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + - e.toString()); + CMS.debug("NSCertTypeExtDefault: createExtension " + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java index f6ddd9153..367e83c28 100644 
--- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -41,25 +40,22 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a name constraint extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a name + * constraint extension into the certificate template. + * * @version $Revision$, $Date$ */ public class NameConstraintsExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = - "nameConstraintsNumPermittedSubtrees"; + public static final String CONFIG_NUM_PERMITTED_SUBTREES = "nameConstraintsNumPermittedSubtrees"; public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - + public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; 
@@ -87,7 +83,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 refreshConfigAndValueNames();
@@ -128,48 +124,48 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } + if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", + CONFIG_NUM_PERMITTED_SUBTREES)); + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { + "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); + } + } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { try { - num = Integer.parseInt(value); + num = Integer.parseInt(value); - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", + CONFIG_NUM_EXCLUDED_SUBTREES)); + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - //refesh our config name list + // refesh our config name list 
super.refreshConfigAndValueNames(); 
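Review bot: In `setConfig`, the `catch (Exception e)` around `Integer.parseInt(value)` also catches the `EPropertyException` thrown just above it for an out-of-range count and replaces it with an identical new one, and the original cause is dropped on both paths. Catching only the parse failure keeps the two error paths apart: `} catch (NumberFormatException e) {`. The same construct is used for `CONFIG_NUM_EXCLUDED_SUBTREES` in this hunk and for `CONFIG_NUM_POLICY_MAPPINGS` in PolicyMappingsExtDefault.setConfig. The bound is written `num >= MAX_NUM_PERMITTED_SUBTREES`, so the maximum itself is rejected; the constant is defined outside the hunk, so if that is intended a one-line comment such as `// MAX_NUM_PERMITTED_SUBTREES is exclusive` would settle it.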
@@ -203,119 +199,112 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_PERMITTED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor( + IDescriptor.STRING, + null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new 
Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, + "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, + "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor( + 
IDescriptor.STRING_LIST, + null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { NameConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext.setCritical(val); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - 
CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for permitted subtrees ... returning"); + if ((value == null) || (value.equals("null")) + || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for permitted subtrees ... returning"); return; } 
@@ -323,44 +312,47 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector permittedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); + ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, + new GeneralSubtrees(permittedSubtrees)); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for excluded subtrees ... returning"); + if ((value == null) || (value.equals("null")) + || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for excluded subtrees ... returning"); return; } Vector v = parseRecords(value); Vector excludedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); + ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, + new GeneralSubtrees(excludedSubtrees)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); + replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, + info); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("NameConstraintsExtDefault: 
setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - private Vector createSubtrees(Locale locale, Vector v) throws EPropertyException { + private Vector createSubtrees(Locale locale, Vector v) + throws EPropertyException { int size = v.size(); String choice = null; String val = ""; @@ -385,16 +377,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else if (name1.equals(MAX_VALUE)) { maxS = nvps.getValue(name1); } - } + } if (choice == null || choice.length() == 0) { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); + "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - + if (val == null) val = ""; - + int min = 0; int max = -1; 
@@ -409,53 +401,50 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { try { gnI = parseGeneralName(choice + ":" + val); } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: createSubtress " + - e.toString()); + CMS.debug("NameConstraintsExtDefault: createSubtress " + + e.toString()); } if (gnI != null) { gn = new GeneralName(gnI); } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); + "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - GeneralSubtree subtree = new GeneralSubtree( - gn, min, max); + GeneralSubtree subtree = new GeneralSubtree(gn, min, max); subtrees.addElement(subtree); - } + } return subtrees; } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { NameConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) { return null; 
@@ -465,9 +454,9 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) return ""; @@ -475,21 +464,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); + subtrees = (GeneralSubtrees) ext + .get(NameConstraintsExtension.PERMITTED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { + ext = (NameConstraintsExtension) getExtension( + PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) return ""; 
@@ -497,26 +486,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); + subtrees = (GeneralSubtrees) ext + .get(NameConstraintsExtension.EXCLUDED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { + private String getSubtreesInfo(NameConstraintsExtension ext, + GeneralSubtrees subtrees) throws EPropertyException { Vector trees = subtrees.getSubtrees(); int size = trees.size(); @@ -526,8 +515,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); + String type = getGeneralNameType(gn); + int max = tree.getMaxValue(); int min = tree.getMinValue(); NameValuePairs pairs = new NameValuePairs(); @@ -540,7 +529,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } - + return buildRecords(recs); } 
@@ -583,8 +572,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -592,14 +581,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NameConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; + NameConstraintsExtension ext = null; try { int num = getNumPermitted(); @@ -637,18 +626,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } } - ext = new NameConstraintsExtension(critical, - new GeneralSubtrees(v), new GeneralSubtrees(v1)); + ext = new NameConstraintsExtension(critical, + new GeneralSubtrees(v), new GeneralSubtrees(v1)); } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("NameConstraintsExtDefault: createExtension " + + e.toString()); } return ext; } - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { + private GeneralSubtree createSubtree(String choice, String value, + String minS, String maxS) { GeneralName gn = null; GeneralNameInterface gnI = null; @@ -660,7 +649,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { if (gnI != null) gn = new GeneralName(gnI); else - //throw new EPropertyException("GeneralName must not be null"); + // throw new EPropertyException("GeneralName must not be null"); return null; int min = 0; 
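Review bot: In `createSubtree`, the unbraced `else` is followed by a commented-out `throw` and then `return null;`, so it is easy to misread which statement the `else` governs, and a general name that cannot be built becomes a silent null. Bracing both branches and replacing the dead line with the reason would make the intent explicit, e.g. `} else { return null; /* unparsable name: entry is dropped, TODO confirm caller skips nulls */ }`. How `createExtension` handles a null subtree is outside this hunk; if it skips the entry, a mistyped permitted or excluded subtree disappears from the issued name constraints without any error, which deserves at least a `CMS.debug` line naming the rejected `choice` and `value`. `createSubtree` starts and ends outside the hunk.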
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java index 283f50833..030c8a340 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no default policy. - * + * * @version $Revision$, $Date$ */ -public class NoDefault implements IPolicyDefault { +public class NoDefault implements IPolicyDefault { public static final String PROP_NAME = "name"; @@ -54,8 +52,7 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { } public String getDefaultConfig(String name) { @@ -67,7 +64,7 @@ public class NoDefault implements IPolicyDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -78,8 +75,7 @@ public class NoDefault implements IPolicyDefault { /** * Populates the request with this policy default. */ - public void populate(IRequest request) - throws EProfileException { + public void populate(IRequest request) throws EProfileException { } public Enumeration getValueNames() { 
@@ -90,9 +86,8 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java index 28a25a6e5..1fefefa69 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.extensions.OCSPNoCheckExtension; @@ -32,12 +31,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates an OCSP No Check extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates an OCSP No + * Check extension into the certificate template. + * * @version $Revision$, $Date$ */ public class OCSPNoCheckExtDefault extends EnrollExtDefault { 
@@ -53,14 +50,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
 CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else {
 return null;
@@ -69,79 +65,73 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension( + OCSPNoCheckExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return; + if (ext == null) { + return; } ext.setCritical(val); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + 
public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension( + OCSPNoCheckExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, + info); if (ext == null) { return null; @@ -152,8 +142,8 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { return "false"; } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } 
@@ -166,20 +156,19 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { OCSPNoCheckExtension ext = createExtension(); addExtension(OCSPNoCheckExtension.OID, ext, info); } public OCSPNoCheckExtension createExtension() { - OCSPNoCheckExtension ext = null; + OCSPNoCheckExtension ext = null; try { ext = new OCSPNoCheckExtension(); } catch (Exception e) { - CMS.debug("OCSPNoCheckExtDefault: createExtension " + - e.toString()); + CMS.debug("OCSPNoCheckExtDefault: createExtension " + e.toString()); return null; } boolean critical = getConfigBoolean(CONFIG_CRITICAL); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java index 9a36f0cd8..9a60063b0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a policy constraints extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * constraints extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyConstraintsExtDefault extends EnrollExtDefault { 
@@ -64,143 +61,132 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); + return new Descriptor(IDescriptor.INTEGER, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); + return new Descriptor(IDescriptor.INTEGER, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); + return new Descriptor(IDescriptor.INTEGER, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, 
"CMS_PROFILE_INHIBIT_POLICY_MAPPING")); + return new Descriptor(IDescriptor.INTEGER, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); } return null; } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { PolicyConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if(ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); + + if (ext == null) { return; - } + } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.REQUIRE, num); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) - 
getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.INHIBIT, num); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { PolicyConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - if(ext == null) - { + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch 
(EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); if (ext == null) { return null; @@ -210,10 +196,9 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); if (ext == null) return ""; @@ -222,9 +207,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + ext = (PolicyConstraintsExtension) getExtension( + PKIXExtensions.PolicyConstraints_Id.toString(), info); if (ext == null) return ""; 
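Review bot: In `PolicyConstraintsExtDefault.setValue`, `new Integer(value)` for `VAL_REQ_EXPLICIT_POLICY` and `VAL_INHIBIT_POLICY_MAPPING` throws `NumberFormatException` on a null, blank or non-numeric value, and the two catch clauses cover only `EProfileException` and `IOException`, so the caller receives an unchecked exception instead of the `EPropertyException` the method declares. Adding `} catch (NumberFormatException e) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); }` next to the existing catches keeps malformed input on the documented error path. No range check is applied before `ext.set`; whether negative values carry a meaning here (for instance as an "absent" marker) is not visible in the hunk, so the accepted range should be stated in a comment or enforced. `Integer.valueOf(value)` would also replace the boxing constructor.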
@@ -233,36 +217,34 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_REQ_EXPLICIT_POLICY), - getConfig(CONFIG_INHIBIT_POLICY_MAPPING) - }; + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_REQ_EXPLICIT_POLICY), + getConfig(CONFIG_INHIBIT_POLICY_MAPPING) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyConstraintsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), ext, info); } public PolicyConstraintsExtension createExtension() { - PolicyConstraintsExtension ext = null; + PolicyConstraintsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -281,8 +263,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum); } catch (Exception e) { - CMS.debug("PolicyConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyConstraintsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java index 19bfb3615..533fb4a4e 100644 
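Review bot: populate() returns silently when createExtension() yields null, and createExtension() (its tail is in the `@@ -281,8 +263,8 @@` hunk) turns every Exception into a CMS.debug line and a null return. A malformed reqExplicitPolicy or inhibitPolicyMapping setting therefore appears to produce a certificate template with no PolicyConstraints extension instead of a failed request. If that fail-open behaviour is not intended, populate() could use `if (ext == null) throw new EProfileException("PolicyConstraintsExtDefault: cannot create extension");`, since getValue() already catches EProfileException around its populate(null, info) call. PolicyMappingsExtDefault.populate() and createExtension() further down this page follow the same pattern, including the early `return null` when an enabled mapping lacks an issuer or subject policy id.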
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a policy + * mappings extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyMappingsExtDefault extends EnrollExtDefault { @@ -85,27 +82,26 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_MAPPINGS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_MAPPINGS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); + } } super.setConfig(name, value); } 
@@ -132,27 +128,25 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_DOMAIN_POLICY")); } else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_DOMAIN_POLICY")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, + "CMS_PROFILE_NUM_POLICY_MAPPINGS")); } return null; 
@@ -160,55 +154,49 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DOMAINS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS")); } return null; } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + ext = (PolicyMappingsExtension) getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + ext = (PolicyMappingsExtension) getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if(ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_DOMAINS)) { + ext = (PolicyMappingsExtension) 
getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); + + if (ext == null) { return; - } + } Vector v = parseRecords(value); int size = v.size(); 
@@ -232,68 +220,67 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { enable = nvps.getValue(name1); } } - + if (enable != null && enable.equals("true")) { - if (issuerPolicyId == null || - issuerPolicyId.length() == 0 || subjectPolicyId == null || - subjectPolicyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); + if (issuerPolicyId == null + || issuerPolicyId.length() == 0 + || subjectPolicyId == null + || subjectPolicyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)), - new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId))); + new CertificatePolicyId(new ObjectIdentifier( + issuerPolicyId)), + new CertificatePolicyId(new ObjectIdentifier( + subjectPolicyId))); policyMaps.addElement(map); } } ext.set(PolicyMappingsExtension.MAP, policyMaps); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext, + info); } catch (EProfileException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - 
X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - if(ext == null) - { + ext = (PolicyMappingsExtension) getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + ext = (PolicyMappingsExtension) getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); if (ext == null) { return null; @@ -303,10 +290,9 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + } else if (name.equals(VAL_DOMAINS)) { + ext = (PolicyMappingsExtension) getExtension( + PKIXExtensions.PolicyMappings_Id.toString(), info); if (ext == null) return ""; @@ -314,7 +300,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { int num_mappings = getNumMappings(); Enumeration maps = ext.getMappings(); - + int num = 0; StringBuffer sb = new StringBuffer(); 
@@ -323,12 +309,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { for (int i = 0; i < num_mappings; i++) { NameValuePairs pairs = new NameValuePairs(); - if (maps.hasMoreElements()) { - CertificatePolicyMap map = - (CertificatePolicyMap) maps.nextElement(); - + if (maps.hasMoreElements()) { + CertificatePolicyMap map = (CertificatePolicyMap) maps + .nextElement(); + CertificatePolicyId i1 = map.getIssuerIdentifier(); - CertificatePolicyId s1 = map.getSubjectIdentifier(); + CertificatePolicyId s1 = map.getSubjectIdentifier(); pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString()); pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString()); @@ -337,15 +323,15 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { pairs.add(ISSUER_POLICY_ID, ""); pairs.add(SUBJECT_POLICY_ID, ""); pairs.add(POLICY_ID_ENABLE, "false"); - + } recs.addElement(pairs); - } - + } + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -368,8 +354,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } 
@@ -377,24 +363,23 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyMappingsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext, info); } public PolicyMappingsExtension createExtension() { - PolicyMappingsExtension ext = null; + PolicyMappingsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector policyMaps = new Vector(); int num = getNumMappings(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { @@ -404,15 +389,17 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { return null; } - String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i); + String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + + i); if (subjectID == null || subjectID.length() == 0) { return null; } CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier(issuerID)), - new CertificatePolicyId(new ObjectIdentifier(subjectID))); + new CertificatePolicyId(new ObjectIdentifier( + issuerID)), new CertificatePolicyId( + new ObjectIdentifier(subjectID))); policyMaps.addElement(map); } @@ -420,8 +407,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { ext = new PolicyMappingsExtension(critical, policyMaps); } catch (Exception e) { - CMS.debug("PolicyMappingsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyMappingsExtDefault: createExtension " + + e.toString()); } return ext; 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java index f1a71ff98..dd522f306 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.Date; @@ -37,12 +36,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a Private Key Usage Period extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a Private + * Key Usage Period extension into the certificate template. + * * @version $Revision$, $Date$ */ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { 
@@ -70,125 +67,115 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, null, - "0", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, null, "0", + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_DURATION)) { - return new Descriptor(IDescriptor.STRING, null, - "365", + return new Descriptor(IDescriptor.STRING, null, "365", CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else { return null; } } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } else if (name.equals(CONFIG_DURATION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_DURATION)); - } + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", 
CONFIG_DURATION)); + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, - "0", + return new Descriptor(IDescriptor.STRING, null, "0", CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, - "30", + return new Descriptor(IDescriptor.STRING, null, "30", CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new 
ParsePosition(0); + ext.setCritical(val); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), + info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), + info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_AFTER, date); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); 
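Review bot: In the VAL_NOT_BEFORE and VAL_NOT_AFTER branches of setValue, the result of `formatter.parse(value, pos)` is passed to `ext.set(...)` unchecked, although SimpleDateFormat.parse(String, ParsePosition) returns null for input that does not match DATE_FORMAT. A value that fails to parse should be rejected explicitly with `if (date == null) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` directly after each parse. The same method calls `populate(null, info)` when the extension is absent and then re-reads it, so the `ext == null` early returns also skip the update silently. The catch clauses of setValue lie outside this hunk, so how a later failure is reported cannot be confirmed from here.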
@@ -199,37 +186,33 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); if (ext == null) { return null; 
@@ -239,80 +222,74 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); if (ext == null) return ""; return formatter.format(ext.getNotBefore()); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); if (ext == null) return ""; return formatter.format(ext.getNotAfter()); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_START_TIME), - getConfig(CONFIG_DURATION) - }; + String params[] = { getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_START_TIME), getConfig(CONFIG_DURATION) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", + params); } /** * Populates the request with this policy default. 
*/ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PrivateKeyUsageExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public PrivateKeyUsageExtension createExtension() { - PrivateKeyUsageExtension ext = null; + PrivateKeyUsageExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - // always + 60 seconds + // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + - (1000 * startTime)); + if (startTimeStr == null || startTimeStr.equals("")) { + startTimeStr = "60"; + } + int startTime = Integer.parseInt(startTimeStr); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION))); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION))); Date notAfter = new Date(notAfterVal); ext = new PrivateKeyUsageExtension(notBefore, notAfter); - ext.setCritical(critical); + ext.setCritical(critical); } catch (Exception e) { - CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + - e.toString()); + CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java index 4bca93503..0be293730 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java 
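Review bot: populate() dereferences the result of createExtension() without a null check, while createExtension() catches every Exception and returns null, for instance when `Integer.parseInt(getConfig(CONFIG_DURATION))` throws on a missing or non-numeric value. In that case `ext.getExtensionId()` raises a NullPointerException, which the `catch (EProfileException e)` around populate(null, info) in getValue() does not handle. A typed failure such as `if (ext == null) throw new EProfileException("PrivateKeyUsagePeriodExtDefault: cannot create extension");` before the addExtension call would keep the error path consistent. Separately, `(1000 * startTime)` is computed in int and wraps for start times above roughly 2.1 million seconds, which setConfig accepts; `1000L * startTime` avoids the wrap.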
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.AlgorithmId; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a signing algorithm - * into the certificate template. - * + * This class implements an enrollment default policy that populates a signing + * algorithm into the certificate template. + * * @version $Revision$, $Date$ */ public class SigningAlgDefault extends EnrollDefault { @@ -47,8 +44,7 @@ public class SigningAlgDefault extends EnrollDefault { public static final String CONFIG_ALGORITHM = "signingAlg"; public static final String VAL_ALGORITHM = "signingAlg"; - public static final String DEF_CONFIG_ALGORITHMS = - "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; + public static final String DEF_CONFIG_ALGORITHMS = "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; public SigningAlgDefault() { super(); 
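Review bot: DEF_CONFIG_ALGORITHMS (the `@@ -47,8 +44,7 @@` hunk) still offers MD2withRSA and MD5withRSA, and also SHA1withRSA, as choices for the profile signing algorithm. Certificates signed over MD2 or MD5 digests are exposed to collision-based forgery, and SHA-1 is deprecated for certificate signatures, so a profile administrator should not be able to pick them from the default list. Unless legacy compatibility requires them, the list could be reduced to `"-,SHA256withRSA,SHA512withRSA"`, with a comment added above the constant stating which algorithms are deliberately excluded and why.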
@@ -57,89 +53,83 @@ public class SigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_ALGORITHM)) { return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS, - "SHA256withRSA", - CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); + "SHA256withRSA", CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; - } + } } - public String getSigningAlg() - { - String signingAlg = getConfig(CONFIG_ALGORITHM); - // if specified, use the specified one. Otherwise, pick - // the best selection for the user - if (signingAlg == null || signingAlg.equals("") || - signingAlg.equals("-")) { - // best pick for the user - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - return ca.getDefaultAlgorithm(); - } else { - return signingAlg; - } + public String getSigningAlg() { + String signingAlg = getConfig(CONFIG_ALGORITHM); + // if specified, use the specified one. 
Otherwise, pick + // the best selection for the user + if (signingAlg == null || signingAlg.equals("") + || signingAlg.equals("-")) { + // best pick for the user + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); + return ca.getDefaultAlgorithm(); + } else { + return signingAlg; + } } - public String getDefSigningAlgorithms() - { - StringBuffer allowed = new StringBuffer(); - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - String algos[] = ca.getCASigningAlgorithms(); - for (int i = 0; i < algos.length; i++) { - if (allowed.length()== 0) { - allowed.append(algos[i]); - } else { - allowed.append(","); - allowed.append(algos[i]); + public String getDefSigningAlgorithms() { + StringBuffer allowed = new StringBuffer(); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); + String algos[] = ca.getCASigningAlgorithms(); + for (int i = 0; i < algos.length; i++) { + if (allowed.length() == 0) { + allowed.append(algos[i]); + } else { + allowed.append(","); + allowed.append(algos[i]); + } } - } - return allowed.toString(); - } + return allowed.toString(); + } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALGORITHM)) { String allowed = getDefSigningAlgorithms(); - return new Descriptor(IDescriptor.CHOICE, - allowed, null, + return new Descriptor(IDescriptor.CHOICE, allowed, null, CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } return null; } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if 
(name.equals(VAL_ALGORITHM)) { try { - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( + info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.getAlgorithmId(value))); } catch (Exception e) { CMS.debug("SigningAlgDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); 
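Review bot: setValue() in the VAL_ALGORITHM branch accepts any name that `AlgorithmId.getAlgorithmId(value)` can resolve and writes it into the certificate template. It does not compare the value with the list that getValueDescriptor() advertises through getDefSigningAlgorithms(), so the CHOICE descriptor restricts only the form and not what the server accepts. Unless a constraint plugin elsewhere enforces the list, a check before the try block would close the gap, for example `if (!Arrays.asList(getDefSigningAlgorithms().split(",")).contains(value)) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, which needs a `java.util.Arrays` import. The getValue() method that follows starts inside this hunk and continues in the next one.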
@@ -148,26 +138,26 @@ public class SigningAlgDefault extends EnrollDefault { CertificateAlgorithmId algId = null; try { - algId = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId = (CertificateAlgorithmId) info + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) algId + .get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("SigningAlgDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", getSigningAlg()); } @@ -175,10 +165,9 @@ public class SigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( + info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.getAlgorithmId(getSigningAlg()))); } catch (Exception e) { CMS.debug("SigningAlgDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index 64d822e8f..e652f033c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java 
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -43,12 +42,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a subject alternative name extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * alternative name extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectAltNameExtDefault extends EnrollExtDefault { 
@@ -91,70 +88,67 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (num >= MAX_NUM_GN) - num = DEF_NUM_GN; + num = DEF_NUM_GN; return num; } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { - super.init(profile,config); - refreshConfigAndValueNames(); + super.init(profile, config); + refreshConfigAndValueNames(); // migrate old parameters to new parameters String old_type = null; String old_pattern = null; IConfigStore paramConfig = config.getSubStore("params"); try { - if (paramConfig != null) { - old_type = paramConfig.getString(CONFIG_OLD_TYPE); - } + if (paramConfig != null) { + old_type = paramConfig.getString(CONFIG_OLD_TYPE); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + - old_type); + CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + old_type); try { - if (paramConfig != null) { - old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); - } + if (paramConfig != null) { + old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + - old_pattern); - if (old_type != null && old_pattern != null) { - CMS.debug("SubjectAltNameExtDefault: Upgrading"); - try { - paramConfig.putString(CONFIG_NUM_GNS, "1"); - paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); - paramConfig.putString(CONFIG_TYPE + "0", old_type); - paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); - paramConfig.remove(CONFIG_OLD_TYPE); - paramConfig.remove(CONFIG_OLD_PATTERN); - profile.getConfigStore().commit(true); - } catch (Exception e) { - CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); - } + CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + + old_pattern); + if (old_type != null && old_pattern != null) { + 
CMS.debug("SubjectAltNameExtDefault: Upgrading"); + try { + paramConfig.putString(CONFIG_NUM_GNS, "1"); + paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); + paramConfig.putString(CONFIG_TYPE + "0", old_type); + paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); + paramConfig.remove(CONFIG_OLD_TYPE); + paramConfig.remove(CONFIG_OLD_PATTERN); + profile.getConfigStore().commit(true); + } catch (Exception e) { + CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); + } } } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_GNS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_GN || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_GN || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); + } } super.setConfig(name, value); } 
@@ -174,34 +168,31 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { int num = getNumGNs(); addConfigName(CONFIG_NUM_GNS); for (int i = 0; i < num; i++) { - addConfigName(CONFIG_TYPE + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_GN_ENABLE + i); + addConfigName(CONFIG_TYPE + i); + addConfigName(CONFIG_PATTERN + i); + addConfigName(CONFIG_GN_ENABLE + i); } } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", - "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); + return new Descriptor( + IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", + "RFC822Name", CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); } else if (name.startsWith(CONFIG_GN_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE")); } else if (name.startsWith(CONFIG_NUM_GNS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", + return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS")); } 
@@ -210,41 +201,37 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { SubjectAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) { - populate(null,info); - } + if (ext == null) { + populate(null, info); + } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); if (ext == null) { // it is ok, the extension is never populated or delted 
@@ -254,9 +241,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -264,7 +251,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (value.equals("")) { // if value is empty, do not add this extension - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + deleteExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); return; } GeneralNames gn = new GeneralNames(); 
@@ -279,64 +268,63 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } if (gn.size() == 0) { - CMS.debug("GN size is zero"); - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + CMS.debug("GN size is zero"); + deleteExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); return; } else { - CMS.debug("GN size is non zero (" + gn.size() + ")"); - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + CMS.debug("GN size is non zero (" + gn.size() + ")"); + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + PKIXExtensions.SubjectAlternativeName_Id.toString(), ext, + info); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + 
"CMS_INVALID_PROPERTY", name)); } - SubjectAlternativeNameExtension ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + SubjectAlternativeNameExtension ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); if (ext == null) { return null; 
@@ -347,106 +335,108 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = (SubjectAlternativeNameExtension) getExtension( + PKIXExtensions.SubjectAlternativeName_Id.toString(), + info); if (ext == null) { return null; } - GeneralNames names = (GeneralNames) - ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames names = (GeneralNames) ext + .get(SubjectAlternativeNameExtension.SUBJECT_NAME); StringBuffer sb = new StringBuffer(); Enumeration e = names.elements(); while (e.hasMoreElements()) { Object o = (Object) e.nextElement(); if (!(o instanceof GeneralName)) - continue; + continue; GeneralName gn = (GeneralName) o; if (!sb.toString().equals("")) { sb.append("\r\n"); } sb.append(toGeneralNameString(gn)); - CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn)); + CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + + toGeneralNameString(gn)); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: getValue " + - e.toString()); + CMS.debug("SubjectAltNameExtDefault: getValue " + e.toString()); } return null; } /* - * returns text that goes into description for this extension on - * a profile + * returns text that goes into description for this extension on a profile */ public String getText(Locale locale) { StringBuffer sb = new StringBuffer(); String numGNs = getConfig(CONFIG_NUM_GNS); int num = getNumGNs(); - for (int i= 0; i< num; i++) { + for (int i = 0; i < num; i++) { sb.append("Record #"); sb.append(i); sb.append("{"); sb.append(GN_PATTERN + ":"); 
sb.append(getConfig(CONFIG_PATTERN + i)); sb.append(","); - sb.append(GN_TYPE +":"); - sb.append(getConfig(CONFIG_TYPE +i)); + sb.append(GN_TYPE + ":"); + sb.append(getConfig(CONFIG_TYPE + i)); sb.append(","); sb.append(GN_ENABLE + ":"); sb.append(getConfig(CONFIG_GN_ENABLE + i)); sb.append("}"); - }; + } + ; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectAlternativeNameExtension ext = null; try { - /* read from config file*/ + /* read from config file */ ext = createExtension(request); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: populate " + e.toString()); } if (ext != null) { - addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } else { CMS.debug("SubjectAltNameExtDefault: populate sees no extension. 
get out"); } } public SubjectAlternativeNameExtension createExtension(IRequest request) - throws IOException { + throws IOException { SubjectAlternativeNameExtension ext = null; int num = getNumGNs(); - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) + .booleanValue(); GeneralNames gn = new GeneralNames(); int count = 0; // # of actual gnames - for (int i=0; i< num; i++) { - String enable = getConfig(CONFIG_GN_ENABLE +i); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_GN_ENABLE + i); if (enable != null && enable.equals("true")) { - CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i); - + CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) { pattern = " "; 
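Review bot: In `populate`, the `catch (IOException e)` around `createExtension(request)` only logs, so a failure while building the subject alternative name extension ends in the same `ext == null` branch as a profile that configures no names, and the template is left without the extension. `populate` already declares `throws EProfileException`, so the catch could rethrow instead, for example `throw new EProfileException("SubjectAltNameExtDefault: cannot create extension: " + e);`. Whether a later constraint would reject a request that lacks the extension is not visible here. `createExtension` begins in this hunk but its body continues past it.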
@@ -457,28 +447,31 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // cfu - see if this is server-generated (e.g. UUID4) // to use this feature, use $server.source$ in pattern - String source = getConfig(CONFIG_SOURCE +i); + String source = getConfig(CONFIG_SOURCE + i); String type = getConfig(CONFIG_TYPE + i); if ((source != null) && (!source.equals(""))) { if (type.equalsIgnoreCase("OtherName")) { - CMS.debug("SubjectAlternativeNameExtension: using "+ - source+ " as gn"); + CMS.debug("SubjectAlternativeNameExtension: using " + + source + " as gn"); if (source.equals(CONFIG_SOURCE_UUID4)) { - UUID randUUID = UUID.randomUUID(); - // call the mapPattern that does server-side gen - // request is not used, but needed for the substitute - // function - gname = mapPattern(randUUID.toString(), request, pattern); - } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4"); - continue; + UUID randUUID = UUID.randomUUID(); + // call the mapPattern that does server-side gen + // request is not used, but needed for the + // substitute + // function + gname = mapPattern(randUUID.toString(), + request, pattern); + } else { // expand more server-gen types here + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + + source + ". Supported: UUID4"); + continue; } } else { - CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); - continue; + CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); + continue; } } else { - if (request != null) { + if (request != null) { gname = mapPattern(request, pattern); } } 
@@ -487,11 +480,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("gname is empty, not added"); continue; } - CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname); + CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + + gname); - GeneralNameInterface n = parseGeneralName(type + ":" + gname); + GeneralNameInterface n = parseGeneralName(type + ":" + + gname); - CMS.debug("adding gname: "+gname); + CMS.debug("adding gname: " + gname); if (n != null) { CMS.debug("SubjectAlternativeNameExtension: n not null"); gn.addElement(n); @@ -500,26 +495,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("SubjectAlternativeNameExtension: n null"); } } - } - } //for + } + } // for if (count != 0) { - try { - ext = new SubjectAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException( e.toString() ); - } - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - ext.setCritical(critical); + try { + ext = new SubjectAlternativeNameExtension(); + } catch (Exception e) { + CMS.debug(e.toString()); + throw new IOException(e.toString()); + } + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + ext.setCritical(critical); } else { - CMS.debug("count is 0"); - } + CMS.debug("count is 0"); + } return ext; } - public String mapPattern(IRequest request, String pattern) - throws IOException { + public String mapPattern(IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { 
@@ -529,8 +524,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } // for server-side generated values - public String mapPattern(String val, IRequest request, String pattern) - throws IOException { + public String mapPattern(String val, IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -539,7 +534,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { try { attrSet.set("source", val); } catch (Exception e) { - CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString()); + CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + + e.toString()); } return p.substitute("server", attrSet); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java index 0259fb36e..aecbdc8c1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java @@ -43,10 +43,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates a subject directory attributes extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * directory attributes extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { @@ -71,7 +70,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } 
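Review bot: In the three-argument `mapPattern`, `attrSet` is assigned only inside `if (request != null)`, yet `attrSet.set("source", val)` runs unconditionally, and the resulting NullPointerException is absorbed by `catch (Exception e)` and merely logged. `setValue` and `getValue` in this file call `populate(null, info)`, so a profile that uses the UUID4 source can apparently reach this path with a null request and carry on without the server-generated value. Failing early would make that visible: `if (attrSet == null) throw new IOException("mapPattern: no request to hold the server-generated value");`. The lines between this hunk and the previous one are not shown, so this assumes the assignment inside the `if` is the only one.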
@@ -94,27 +93,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(DEF_NUM_ATTRS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_ATTRS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_ATTRS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
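Review bot: `setConfig` guards its range check with `name.equals(DEF_NUM_ATTRS)`, while both error messages name `CONFIG_NUM_ATTRS` and the sibling `SubjectAltNameExtDefault.setConfig` tests `name.equals(CONFIG_NUM_GNS)`. If `DEF_NUM_ATTRS` is the default count rather than the property name (its declaration is outside the hunk), the condition never matches and `super.setConfig(name, value)` stores an attribute count that was neither parsed nor bounded by `MAX_NUM_ATTRS`. The condition should probably read `if (name.equals(CONFIG_NUM_ATTRS)) {`.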
@@ -136,93 +133,82 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ATTRS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } + return new Descriptor(IDescriptor.INTEGER, null, "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_ATTR)) { - 
return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { SubjectDirAttributesExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if(ext == null) - { + ext.setCritical(val); + } else if (name.equals(VAL_ATTR)) { + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); + + if (ext == null) { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); X500NameAttrMap map = X500NameAttrMap.getDefault(); Vector attrV = new Vector(); - for (int i=0; i < size; i++) { + for (int i = 0; i < size; 
i++) { NameValuePairs nvps = (NameValuePairs) v.elementAt(i); Enumeration names = nvps.getNames(); String attrName = null; @@ -241,8 +227,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } if (enable.equals("true")) { - AttributeConfig attributeConfig = - new AttributeConfig(attrName, attrValue); + AttributeConfig attributeConfig = new AttributeConfig( + attrName, attrValue); Attribute attr = attributeConfig.mAttribute; if (attr != null) attrV.addElement(attr); 
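Review bot: `getConfigDescriptor` tests `name.startsWith(CONFIG_ATTR_NAME)` in two consecutive branches, so the second one, which returns the `CMS_PROFILE_ATTR_NAME` text, can never run and attribute-name fields are described with `CMS_PROFILE_NUM_ATTRS`. Removing the first of the two branches fixes the label and leaves the final `CONFIG_NUM_ATTRS` branch as the only user of that message. The constants are declared outside the hunk, so it is worth confirming that no key is a prefix of another, since the order of the `startsWith` tests decides which descriptor is returned.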
@@ -256,43 +242,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else return; } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + replaceExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } catch (EProfileException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { SubjectDirAttributesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), info); if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) - 
getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) { return null; @@ -302,10 +287,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + } else if (name.equals(VAL_ATTR)) { + ext = (SubjectDirAttributesExtension) getExtension( + PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) return ""; 
@@ -315,42 +300,45 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Vector recs = new Vector(); int num = getNumAttrs(); Enumeration e = ext.getAttributesList(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e); - int i=0; + CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + + e); + int i = 0; while (e.hasMoreElements()) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "true"); - Attribute attr = (Attribute)(e.nextElement()); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr); + Attribute attr = (Attribute) (e.nextElement()); + CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + + attr); ObjectIdentifier oid = attr.getOid(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid); - + CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + + oid); + String vv = map.getName(oid); - if (vv != null) + if (vv != null) pairs.add(ATTR_NAME, vv); else pairs.add(ATTR_NAME, oid.toString()); Enumeration v = attr.getValues(); - + // just support single value for now StringBuffer ss = new StringBuffer(); while (v.hasMoreElements()) { if (ss.length() == 0) - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); else { ss.append(","); - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); } } - pairs .add(ATTR_VALUE, ss.toString()); + pairs.add(ATTR_VALUE, ss.toString()); recs.addElement(pairs); i++; } - - for (;i < num; i++) { + + for (; i < num; i++) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "false"); pairs.add(ATTR_NAME, "GENERATIONQUALIFIER"); @@ -360,8 +348,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } 
@@ -383,52 +371,50 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectDirAttributesExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } public SubjectDirAttributesExtension createExtension(IRequest request) - throws EProfileException { - SubjectDirAttributesExtension ext = null; + throws EProfileException { + SubjectDirAttributesExtension ext = null; int num = 0; boolean critical = getConfigBoolean(CONFIG_CRITICAL); num = getNumAttrs(); - + AttributeConfig attributeConfig = null; Vector attrs = new Vector(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); + String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { String attrName = getConfig(CONFIG_ATTR_NAME + i); - String pattern = getConfig(CONFIG_PATTERN + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) pattern = " "; - //check pattern syntax + // check pattern syntax int startpos = pattern.indexOf("$"); int lastpos = pattern.lastIndexOf("$"); String attrValue = pattern; - if (!pattern.equals("") && startpos != -1 && - startpos == 0 && lastpos != -1 && - lastpos == (pattern.length()-1)) { + if (!pattern.equals("") && startpos != -1 && startpos == 0 + && lastpos != -1 && lastpos == (pattern.length() - 1)) { if 
(request != null) { try { attrValue = mapPattern(request, pattern); @@ -436,7 +422,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { throw new EProfileException(e.toString()); } } - } + } try { attributeConfig = new AttributeConfig(attrName, attrValue); } catch (EPropertyException e) { @@ -453,8 +439,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Attribute[] attrList = new Attribute[attrs.size()]; attrs.copyInto(attrList); try { - ext = - new SubjectDirAttributesExtension(attrList, critical); + ext = new SubjectDirAttributesExtension(attrList, critical); } catch (IOException e) { throw new EProfileException(e.toString()); } 
@@ -470,51 +455,52 @@ class AttributeConfig { protected Attribute mAttribute = null; public AttributeConfig(String attrName, String attrValue) - throws EPropertyException { + throws EPropertyException { X500NameAttrMap map = X500NameAttrMap.getDefault(); - + if (attrName == null || attrName.length() == 0) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); } - + if (attrValue == null || attrValue.length() == 0) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); } try { mAttributeOID = new ObjectIdentifier(attrName); } catch (Exception e) { - CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName); + CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + + attrName); } if (mAttributeOID == null) { mAttributeOID = map.getOid(attrName); if (mAttributeOID == null) - throw new EPropertyException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); + throw new EPropertyException(CMS.getUserMessage( + "CMS_BASE_INVALID_ATTRIBUTE", attrName)); try { checkValue(mAttributeOID, attrValue); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - try { - mAttribute = new Attribute(mAttributeOID, - str2MultiValues(attrValue)); + mAttribute = new Attribute(mAttributeOID, + str2MultiValues(attrValue)); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { - AVAValueConverter c = 
X500NameAttrMap.getDefault().getValueConverter(oid); + private static void checkValue(ObjectIdentifier oid, String val) + throws IOException { + AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter( + oid); DerValue derval; derval = c.getValue(val); // errs encountered will get thrown. @@ -527,7 +513,7 @@ class AttributeConfig { while (tokenizer.hasMoreTokens()) { v.addElement(tokenizer.nextToken()); } - + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index 8a3f2afc8..115d3f622 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates Subject Info Access extension. - * + * This class implements an enrollment default policy that populates Subject + * Info Access extension. + * * @version $Revision$, $Date$ */ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { 
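Review bot: In the `AttributeConfig` constructor, `checkValue(mAttributeOID, attrValue)` sits inside the `if (mAttributeOID == null)` branch, so it only runs when the attribute name was resolved through `X500NameAttrMap`. When `attrName` parses as a dotted OID, the value goes straight to `new Attribute(...)` without the converter check. Because `createExtension` can derive this value from `mapPattern(request, pattern)`, I would move the `try { checkValue(...) }` block below the closing brace of that `if` so both paths are validated. If the skip is deliberate (whether the map has a converter for arbitrary OIDs is not visible here), a comment such as `// raw OIDs have no converter in X500NameAttrMap, so checkValue is skipped on purpose` would make that explicit.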
@@ -87,29 +85,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); + } } super.setConfig(name, value); } 
@@ -137,30 +134,27 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); + return new Descriptor( + IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "URIName", CMS.getUserMessage(locale, + "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", + } else if (name.startsWith(CONFIG_NUM_ADS)) { + return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); } return null; 
@@ -168,58 +162,52 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { try { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), + info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = 
(SubjectInfoAccessExtension) getExtension(oid.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); 
@@ -255,73 +243,78 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { GeneralName gn = null; if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); + GeneralNameInterface interface1 = parseGeneralName(locationType + + ":" + location); if (interface1 == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + throw new EPropertyException( + CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", + locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier( + method), gn); } catch (NumberFormatException ee) { - CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_SIA_OID", method)); + CMS.debug("SubjectInfoAccessExtDefault: " + + ee.toString()); + throw new EPropertyException( + CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SIA_OID", + method)); } } } } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); } catch (IOException e) { CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - 
X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectInfoAccessExtDefault: getValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), + info); if (ext == null) { return null; 
@@ -331,20 +324,20 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), + info); if (ext == null) return ""; int num = getNumAds(); - + CMS.debug("SubjectInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -358,7 +351,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -370,8 +363,8 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -397,7 +390,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } 
@@ -405,14 +398,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public SubjectInfoAccessExtension createExtension() { - SubjectInfoAccessExtension ext = null; + SubjectInfoAccessExtension ext = null; int num = getNumAds(); try { @@ -434,21 +427,22 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - location = "http://"+hostname+":"+port+"/ocsp"; + location = "http://" + hostname + ":" + port + + "/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("SubjectInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java index d8b09f5db..729d279d9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; 
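Review bot: `populate` dereferences the result of `createExtension()` through `ext.getExtensionId()` with no null check, while `createExtension` starts from `ext = null` and its `catch (Exception e)` only writes a `CMS.debug` line before `return ext`. A failure while building the extension therefore surfaces as a NullPointerException, or, if it happens after the object exists, as a Subject Info Access extension that silently lacks entries in the issued certificate. I would fail the enrollment explicitly in `populate`, e.g. `if (ext == null) throw new EProfileException("SubjectInfoAccessExtDefault: cannot create extension");`. The part of `createExtension` between the two hunks is not shown, so where `ext` is first assigned is inferred.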
@@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a subject key identifier extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a subject + * key identifier extension into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { 
@@ -61,70 +58,61 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { // read-only; do nothing } else if (name.equals(VAL_KEY_ID)) { // read-only; do nothing } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw 
new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - SubjectKeyIdentifierExtension ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + SubjectKeyIdentifierExtension ext = (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( + ext = (SubjectKeyIdentifierExtension) getExtension( PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { @@ -136,8 +124,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( + ext = (SubjectKeyIdentifierExtension) getExtension( PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { 
@@ -146,19 +133,18 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { KeyIdentifier kid = null; try { - kid = (KeyIdentifier) - ext.get(SubjectKeyIdentifierExtension.KEY_ID); + kid = (KeyIdentifier) ext + .get(SubjectKeyIdentifierExtension.KEY_ID); } catch (IOException e) { - CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " + - "kid is null!" ); - throw new EPropertyException( CMS.getUserMessage( locale, - "CMS_INVALID_PROPERTY", - name ) ); + CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " + + "kid is null!"); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -170,7 +156,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info); 
@@ -184,36 +170,38 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return null; } SubjectKeyIdentifierExtension ext = null; - - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); + + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) + .booleanValue(); try { - ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier()); + ext = new SubjectKeyIdentifierExtension(critical, + kid.getIdentifier()); } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + + e.toString()); // } return ext; } - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + public KeyIdentifier getKeyIdentifier(X509CertInfo info) { + try { + CertificateX509Key infokey = (CertificateX509Key) info + .get(X509CertInfo.KEY); X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); - md.update(key.getKey()); + md.update(key.getKey()); byte[] hash = md.digest(); return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } catch (Exception e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java index 9f404e89b..09da34be2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectNameDefault extends EnrollDefault { @@ -55,15 +52,14 @@ public class SubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, "CN=TEST", CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_NAME)) { + return new Descriptor(IDescriptor.STRING, null, "CN=TEST", + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } 
@@ -72,19 +68,17 @@ public class SubjectNameDefault extends EnrollDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; 
@@ -92,59 +86,59 @@ public class SubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); if (x500name != null) { - CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString()); + CMS.debug("SubjectNameDefault: setValue x500name=" + + x500name.toString()); } } catch (IOException e) { CMS.debug("SubjectNameDefault: setValue " + e.toString()); // failed to build x500 name } - CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString()); + CMS.debug("SubjectNameDefault: setValue name=" + + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("SubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); CMS.debug("SubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing 
CMS.debug("SubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", getConfig(CONFIG_NAME)); } @@ -152,13 +146,13 @@ public class SubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; String subjectName = null; try { - subjectName = mapPattern(request, getConfig(CONFIG_NAME)); + subjectName = mapPattern(request, getConfig(CONFIG_NAME)); } catch (IOException e) { CMS.debug("SubjectNameDefault: mapPattern " + e.toString()); } @@ -176,8 +170,7 @@ public class SubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java index c834eee19..01322bc2f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java 
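Review bot: In `setValue`, the `catch (IOException e)` around `new X500Name(value)` only logs, and the next statement calls `x500name.toString()` unconditionally. A subject string that does not parse therefore ends in a NullPointerException instead of the `EPropertyException` the method declares. I would throw from that catch, `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, as the catch around `info.set` in the same method already does; the `if (x500name != null)` inside the try then becomes unnecessary. `populate` in the following hunks shows the same pattern: failures from `mapPattern` and `info.set` are only logged with `CMS.debug`, which appears to let enrollment continue without the configured subject. `setValue` begins in the previous hunk and the middle of `populate` is outside the hunks.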
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.CertificateExtensions; @@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied extension - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied extension into the certificate template. + * * @version $Revision$, $Date$ */ public class UserExtensionDefault extends EnrollExtDefault { @@ -57,14 +54,13 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else { return null; 
@@ -73,27 +69,23 @@ public class UserExtensionDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_OID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { // Nothing to do for read-only values } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_OID)) { Extension ext = getExtension(getConfig(CONFIG_OID), info); 
@@ -104,35 +96,37 @@ public class UserExtensionDefault extends EnrollExtDefault { } return ext.getExtensionId().toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID)); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", + getConfig(CONFIG_OID)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateExtensions inExts = null; String oid = getConfig(CONFIG_OID); - inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); + inExts = request + .getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); if (inExts == null) - return; + return; Extension ext = getExtension(getConfig(CONFIG_OID), inExts); if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid); - return; + CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); + return; } // user supplied the ext that's allowed, replace the def set by system deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid); + CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); addExtension(oid, ext, info); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java index 1cff57df2..34009e14d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java 
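Review bot: In `populate`, the extension read from `request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS)` replaces the system default via `deleteExtension(oid, info)` and `addExtension(oid, ext, info)` with no check of its value or criticality in this method. Nothing in the hunk shows where that content is constrained, so the method's Javadoc should state the contract, for example `Copies the requester-supplied extension for the configured OID verbatim; the profile must pair this default with a constraint that validates it.` The second lookup could also reuse the local, `getExtension(oid, inExts)`, and the unbraced `if (inExts == null) return;` would be safer with braces.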
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.interfaces.DSAParams; @@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user supplied key - * into the certificate template. - * + * This class implements an enrollment default policy that populates a user + * supplied key into the certificate template. + * * @version $Revision$, $Date$ */ public class UserKeyDefault extends EnrollDefault { 
@@ -62,86 +59,74 @@ public class UserKeyDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); } else if (name.equals(VAL_LEN)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); } else if (name.equals(VAL_TYPE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_KEY)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); + 
ck = (CertificateX509Key) info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); + k = (X509Key) ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing - } + } if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_PROFILE_KEY_NOT_FOUND")); } return toHexString(k.getKey()); } else if (name.equals(VAL_LEN)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); + ck = (CertificateX509Key) info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); + k = (X509Key) ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); + if (k == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_PROFILE_KEY_NOT_FOUND")); } try { if (k.getAlgorithm().equals("RSA")) { 
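Review bot: In `getValue`, the `VAL_KEY` and `VAL_LEN` branches call `ck.get(CertificateX509Key.KEY)` even when the preceding `info.get(X509CertInfo.KEY)` failed and left `ck` null, relying on the empty `catch (Exception e)` to absorb the resulting `NullPointerException`. An explicit `if (ck != null)` guard and a `CMS.debug` call in those catch blocks would stop real decoding errors from disappearing behind `CMS_PROFILE_KEY_NOT_FOUND`. The same lookup is repeated verbatim in each branch (and again for `VAL_TYPE` in the next hunk) and could move into one private helper. `getValue` continues past the end of this hunk.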
@@ -151,35 +136,33 @@ public class UserKeyDefault extends EnrollDefault { } } catch (Exception e) { CMS.debug("UserKeyDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_TYPE)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); + ck = (CertificateX509Key) info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); + k = (X509Key) ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); + if (k == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_PROFILE_KEY_NOT_FOUND")); } - return k.getAlgorithm() + " - " + - k.getAlgorithmId().getOID().toString(); + return k.getAlgorithm() + " - " + + k.getAlgorithmId().getOID().toString(); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } @@ -191,8 +174,7 @@ public class UserKeyDefault extends EnrollDefault { X509Key newkey = null; try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); + newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); } catch (Exception e) { CMS.debug("UserKeyDefault: getRSAKey " + e.toString()); throw e; 
@@ -217,15 +199,16 @@ public class UserKeyDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateX509Key certKey = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); + byte[] certKeyData = request + .getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); if (certKeyData != null) { - certKey = new CertificateX509Key( - new ByteArrayInputStream(certKeyData)); + certKey = new CertificateX509Key(new ByteArrayInputStream( + certKeyData)); } info.set(X509CertInfo.KEY, certKey); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java index 07e6c77e5..8db157321 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied signing algorithm - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied signing algorithm into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSigningAlgDefault extends EnrollDefault { 
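Review bot: In `UserKeyDefault.populate`, `info.set(X509CertInfo.KEY, certKey)` still runs when `request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY)` returns null, so a request without a key is not rejected at this point and the outcome depends on how `X509CertInfo.set` treats null. The comment `authenticate the certificate key` also describes a check the visible lines do not perform, since they only decode the request bytes; it would be more accurate as `// copy the requester-supplied public key into the cert info (no verification here)`. A missing key should fail the request with an `EProfileException`, raised outside the `try` because the `catch (Exception e)`, whose body lies outside the hunk, may otherwise swallow it. `UserSigningAlgDefault.populate` and `UserValidityDefault.populate` have the same null handling and the same copied comment, although they handle the signing algorithm and the validity period.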
@@ -53,72 +50,70 @@ public class UserSigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_ALG_ID)) { CertificateAlgorithmId algID = null; try { - algID = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algID.get(CertificateAlgorithmId.ALGORITHM); + algID = (CertificateAlgorithmId) info + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) algID + .get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("UserSigningAlgDefault: setValue " + e.toString()); - return ""; //XXX + return ""; // XXX } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, 
+ "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateAlgorithmId certAlg = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certAlgData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_SIGNING_ALGORITHM); + byte[] certAlgData = request + .getExtDataInByteArray(IEnrollProfile.REQUEST_SIGNING_ALGORITHM); if (certAlgData != null) { - certAlg = new CertificateAlgorithmId( - new ByteArrayInputStream(certAlgData)); + certAlg = new CertificateAlgorithmId(new ByteArrayInputStream( + certAlgData)); } info.set(X509CertInfo.ALGORITHM_ID, certAlg); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java index f589b6543..6017213f2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; 
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSubjectNameDefault extends EnrollDefault { @@ -53,7 +50,7 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -66,12 +63,11 @@ public class UserSubjectNameDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; 
@@ -84,42 +80,40 @@ public class UserSubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { // nothing } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } 
@@ -131,12 +125,13 @@ public class UserSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo try { - info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName( - IEnrollProfile.REQUEST_SUBJECT_NAME)); + info.set( + X509CertInfo.SUBJECT, + request.getExtDataInCertSubjectName(IEnrollProfile.REQUEST_SUBJECT_NAME)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java index 2d79b1925..ec7cdedda 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Date; import java.util.Locale; @@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a user-supplied validity - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * user-supplied validity into the certificate template. + * * @version $Revision$, $Date$ */ public class UserValidityDefault extends EnrollDefault { 
@@ -55,71 +52,65 @@ public class UserValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, + null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notBefore = (Date) - validity.get(CertificateValidity.NOT_BEFORE); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + Date notBefore = (Date) validity + .get(CertificateValidity.NOT_BEFORE); return 
notBefore.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { try { CertificateValidity validity = null; - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notAfter = (Date) - validity.get(CertificateValidity.NOT_AFTER); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + Date notAfter = (Date) validity + .get(CertificateValidity.NOT_AFTER); return notAfter.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } 
@@ -131,17 +122,16 @@ public class UserValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateValidity certValidity = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certValidityData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_VALIDITY); + byte[] certValidityData = request + .getExtDataInByteArray(IEnrollProfile.REQUEST_VALIDITY); if (certValidityData != null) { certValidity = new CertificateValidity(); - certValidity.decode( - new ByteArrayInputStream(certValidityData)); + certValidity.decode(new ByteArrayInputStream(certValidityData)); } info.set(X509CertInfo.VALIDITY, certValidity); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java index 6e9b08abf..fd046e1fb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -36,12 +35,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. - * + * This class implements an enrollment default policy that populates a + * server-side configurable validity into the certificate template. + * * @version $Revision$, $Date$ */ public class ValidityDefault extends EnrollDefault { 
@@ -64,43 +61,36 @@ public class ValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + return new Descriptor(IDescriptor.STRING, null, "2922", + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */ + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); } else { return null; } 
@@ -118,103 +108,95 @@ public class ValidityDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + if (value == null || value.equals("")) { + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_BEFORE, date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - 
validity.set(CertificateValidity.NOT_AFTER, - date); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_AFTER, date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + return formatter.format((Date) validity + .get(CertificateValidity.NOT_BEFORE)); } catch (Exception e) { CMS.debug("ValidityDefault: getValue " + e.toString()); } throw new EPropertyException("Invalid valie"); } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return 
formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); + validity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); + return formatter.format((Date) validity + .get(CertificateValidity.NOT_AFTER)); } catch (Exception e) { CMS.debug("ValidityDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", getConfig(CONFIG_RANGE)); } @@ -222,11 +204,11 @@ public class ValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("ValidityDefault: populate " + e.toString()); } 
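Review bot: In `setValue`, `formatter.parse(value, pos)` returns null when the text does not parse and stops at the first character it cannot use, and neither result is checked before `validity.set(...)`, so malformed or trailing input for `VAL_NOT_BEFORE` and `VAL_NOT_AFTER` is handled only by whatever the `catch (Exception e)` happens to catch. `SimpleDateFormat` is also lenient by default, so out-of-range fields roll over into a different date rather than failing. I would add `formatter.setLenient(false);` and `if (date == null || pos.getIndex() != value.length()) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` in both branches. In `getValue`, `new EPropertyException("Invalid valie")` has a typo and bypasses the localized `CMS_INVALID_PROPERTY` message used by the `VAL_NOT_AFTER` branch.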
@@ -235,31 +217,32 @@ public class ValidityDefault extends EnrollDefault { startTimeStr = "60"; } int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = new CertificateValidity(notBefore, + notAfter); try { info.set(X509CertInfo.VALIDITY, validity); } catch (Exception e) { // failed to insert subject name CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java index c8beca2f6..4bd5ce37f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java 
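Review bot: `int startTime = Integer.parseInt(startTimeStr);` sits outside any `try` in the visible lines, so a non-numeric value coming out of `mapPattern` surfaces as an unchecked `NumberFormatException` instead of the `EProfileException` used for `CONFIG_RANGE`. `(1000 * startTime)` is also evaluated in `int` and overflows once the start offset exceeds about 24 days, which silently shifts `notBefore`; `1000L * startTime` avoids that. The range is not checked for sign, so a negative value yields a `notAfter` earlier than `notBefore`; a guard such as `if (notAfterVal <= notBefore.getTime())` before building `CertificateValidity` would catch it. `mDefault` is declared outside the hunk, so whether `mDefault * Integer.parseInt(rangeStr)` is computed in `long` should be confirmed, and the comment `// failed to insert subject name` should read `// failed to insert validity`. `populate` begins outside this hunk.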
@@ -34,22 +34,20 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsHKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_PARAMS = "params"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; + protected static String DEFAULT_DNPATTERN = "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; protected IConfigStore mParamsConfig; 
@@ -61,44 +59,41 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + + name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name 
x500name = null; 
@@ -111,53 +106,51 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } 
else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsHKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -165,15 +158,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsHKeySubjectNameDefault: in populate"); + CMS.debug("nsHKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { 
@@ -184,32 +177,31 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) throws EProfileException, + IOException { - CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + String sbjname = ""; - return sbjname; - } + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } + + return sbjname; + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index 3a1d1c6ea..fde2e7fb1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java 
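Review bot: When `info.set(X509CertInfo.SUBJECT, ...)` fails here, `populate` only writes a debug line and returns normally, and the `catch (IOException e)` that opens at the end of the previous hunk appears to do the same when `X500Name` cannot be built, which leaves `name` null for this call. Unless a later constraint rejects a request with no subject, enrollment continues with a template whose subject was never set; `ValidityDefault.populate` throws in the equivalent catch, and I would do the same here with `throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.SUBJECT));`. `getSubjectName` also falls back to `" "` for an empty `dnpattern` although the class declares `DEFAULT_DNPATTERN` for exactly that case. `nsNKeySubjectNameDefault.populate` (hunk at `@@ -318,57 +309,58 @@`) has the same log-and-continue catch.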
@@ -42,16 +42,15 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsNKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; + public static final String PROP_LDAP = "ldap"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; 
@@ -64,131 +63,123 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.aoluid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = "CN=$request.aoluid$, E=$request.mail$"; /* ldap configuration sub-store */ - boolean mInitialized = false; + boolean mInitialized = false; protected IConfigStore mInstConfig; protected IConfigStore mLdapConfig; protected IConfigStore mParamsConfig; - /* ldap base dn */ + /* ldap base dn */ protected String mBaseDN = null; /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ + /* + * the list of LDAP attributes with string values to retrieve to form the + * subject dn. 
+ */ protected String[] mLdapStringAttrs = null; public nsNKeySubjectNameDefault() { super(); addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); + addConfigName(CONFIG_LDAP_STRING_ATTRS); addConfigName(CONFIG_LDAP_HOST); addConfigName(CONFIG_LDAP_PORT); addConfigName(CONFIG_LDAP_SEC_CONN); addConfigName(CONFIG_LDAP_VER); addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); + addConfigName(CONFIG_LDAP_MIN_CONN); + addConfigName(CONFIG_LDAP_MAX_CONN); addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); + addValueName(CONFIG_LDAP_STRING_ATTRS); addValueName(CONFIG_LDAP_HOST); addValueName(CONFIG_LDAP_PORT); addValueName(CONFIG_LDAP_SEC_CONN); addValueName(CONFIG_LDAP_VER); addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); + addValueName(CONFIG_LDAP_MIN_CONN); + addValueName(CONFIG_LDAP_MAX_CONN); } public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; + throws EProfileException { + mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } 
else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); + } else if (name.equals(CONFIG_LDAP_HOST)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); + } else if (name.equals(CONFIG_LDAP_PORT)) { + return new Descriptor( + IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); + } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { + return new Descriptor( + IDescriptor.BOOLEAN, + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); + } else if (name.equals(CONFIG_LDAP_VER)) { + return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", + 
CMS.getUserMessage(locale, + "CMS_PROFILE_NSNKEY_LDAP_VERSION")); + } else if (name.equals(CONFIG_LDAP_BASEDN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); + } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); + } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + + name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; 
@@ -201,113 +192,113 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } 
else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsNKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() - throws EProfileException { - if (mInitialized == true) return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... 
- throw new EProfileException("ldap init failure: "+e.toString()); - } - } + public void ldapInit() throws EProfileException { + if (mInitialized == true) + return; + + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); + + try { + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); + + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; + + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString( + CONFIG_LDAP_STRING_ATTRS, null); + + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, + ",", false); + + mLdapStringAttrs = new String[pAttrs.countTokens()]; + + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()) + .trim(); + } + } + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); + mInitialized = true; + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); + } + } /** * Populates the request with this policy default. 
*/ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); + CMS.debug("nsNKeySubjectNameDefault: in populate"); + ldapInit(); try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + // cfu - this goes to ldap + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { 
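Review bot: In `ldapInit`, the local `pattern` is read from `CONFIG_DNPATTERN`, replaced by `DEFAULT_DNPATTERN` when empty, and then never used, so the documented default never reaches `getSubjectName`, which substitutes `" "` instead. `mLdapStringAttrs` also stays null when `ldapStringAttributes` is unset, yet `getSubjectName` later dereferences `mLdapStringAttrs.length` (hunk at `@@ -378,42 +370,47 @@`); setting `mLdapStringAttrs = new String[0];` before the `if`, or failing here with a clear `EProfileException`, avoids a bare NullPointerException at request time. `mInitialized` is checked and set without synchronisation, so if `populate` can run on several request threads the connection factory may be initialised more than once; declaring `public synchronized void ldapInit()` would close that. A comment next to `CMS.getLdapAnonConnFactory()` saying that the lookup binds anonymously, and what `CONFIG_LDAP_SEC_CONN` is expected to be in production, would help whoever deploys this profile.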
@@ -318,57 +309,58 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) throws EProfileException, + IOException { + + CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - LDAPConnection conn = null; + LDAPConnection conn = null; String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { + String sbjname = ""; + // get DN from ldap to fill request + try { + if (mConnFactory == null) { conn = null; CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - 
CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "request is null!" ); - throw new EProfileException( "request is null" ); - } - // retrieve the attributes + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } else { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "request is null!"); + throw new EProfileException("request is null"); + } + // retrieve the attributes // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + + mBaseDN); + LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, + "(aoluid=" + request.getExtDataInString("aoluid") + ")", + null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); 
@@ -378,42 +370,47 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + + request.getExtDataInString("aoluid")); + ; + + LDAPEntry entry = null; + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, + "objectclass=*", mLdapStringAttrs, false); + + if (!results.hasMoreElements()) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); + throw new EProfileException("no ldap attributes found"); + } + entry = results.next(); + // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } + LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " 
+ + sla[0]); + request.setExtData(mLdapStringAttrs[i], sla[0]); + } } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + + e.toString()); + throw new EProfileException("getSubjectName() failure: " + + e.toString()); + } finally { + try { + if (conn != null) + mConnFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException( + "nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); + } + } + return sbjname; + + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java index 030470b39..a367b638f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java 
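Review bot: The `finally` block throws a new `EProfileException` when `mConnFactory.returnConn(conn)` fails, which replaces whatever exception was already propagating from the `try` and drops its cause; logging there with `CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString());` and not throwing keeps the original error visible. The debug line `"got attribute: " + sla[0]` writes the user's directory attribute values into the debug log, and `sla[0]` is read without checking that the array is non-empty; logging the attribute name `mLdapStringAttrs[i]` instead and guarding with `sla.length > 0` would cover both. The re-wrap also left a stray empty statement `;` on its own line after the `retrieved entry for aoluid` debug call. `getSubjectName` starts in the previous hunk.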
@@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { @@ -48,8 +47,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "Token Key Device - $request.tokencuid$"; + protected static String DEFAULT_DNPATTERN = "Token Key Device - $request.tokencuid$"; protected IConfigStore mParamsConfig; 
@@ -61,44 +59,42 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + + name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + 
"CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; 
@@ -106,59 +102,63 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); } catch (IOException e) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException - { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info); - sn = 
(CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + + info); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + + sn); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString()); - + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + + e.toString()); + } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } 
@@ -166,51 +166,52 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); + String subjectName = getSubjectName(request); CMS.debug("subjectName=" + subjectName); if (subjectName == null || subjectName.equals("")) - return; + return; name = new X500Name(subjectName); } catch (IOException e) { // failed to build x500 name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + + e.toString()); } if (name == null) { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) throws EProfileException, + IOException { + + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String sbjname = ""; - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - 
CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; + return sbjname; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index ac98a0cbb..f842952f1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -42,10 +42,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * + * This class implements an enrollment default policy that populates server-side + * configurable subject name into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { @@ -66,12 +65,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.uid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = "CN=$request.uid$, E=$request.mail$"; /* ldap configuration sub-store */ boolean mldapInitialized = false; 
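Review bot: In `populate` of nsTokenDeviceKeySubjectNameDefault, a failed `new X500Name(subjectName)` is only logged, the `if (name == null)` block is empty, and `info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name))` then runs with a null name inside a catch that also only logs. The caller gets no signal that the subject was never populated, so whether the request later fails or continues with whatever subject `info` already holds depends on code outside this hunk. Filling the empty block with `throw new EProfileException("nsTokenDeviceKeySubjectNameDefault: populate: invalid subject name");` (message text is a suggestion) and rethrowing from the second catch would make the failure explicit. The same pattern appears in `populate` of nsTokenUserKeySubjectNameDefault (hunk `@@ -334,22 +328,23 @@`), and both `setValue` methods likewise pass a possibly null `x500name` on after a logged IOException.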
@@ -86,8 +83,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ + /* + * the list of LDAP attributes with string values to retrieve to form the + * subject dn. + */ protected String[] mLdapStringAttrs = null; public nsTokenUserKeySubjectNameDefault() { 
@@ -118,94 +117,83 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); } else if (name.equals(CONFIG_LDAP_ENABLE)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); + return new 
Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); + return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); } else { return null; } } public 
IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + + name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + public void setValue(String name, Locale locale, X509CertInfo info, + String value) throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; 
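Review bot: The `CONFIG_LDAP_SEC_CONN` descriptor in `getConfigDescriptor` carries "false" in what appears to be the default-value slot, and `ldapInit` in a later hunk obtains its connections from `CMS.getLdapAnonConnFactory()`. The attributes read over that connection are copied into the request and mapped into the certificate subject, so with this default an unauthenticated and presumably unencrypted directory lookup feeds identity data into issued certificates; how the factory actually consumes the setting is not visible here. Consider defaulting to "true", i.e. `return new Descriptor(IDescriptor.BOOLEAN, null, "true", ...)`, or at least add a comment on the descriptor saying the secure connection should be enabled whenever the directory is reached over a network that is not trusted.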
@@ -213,117 +201,123 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); } catch (IOException e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name); + public String getValue(String name, Locale locale, X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - 
info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + + info); + sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + + sn); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage(locale, + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() - throws EProfileException { - if (mldapInitialized == true) return; + public void ldapInit() throws EProfileException { + if (mldapInitialized == true) + return; CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, - false); - if (mldapEnabled == false) - return; + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mldapEnabled = 
mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, false); + if (mldapEnabled == false) + return; - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString( + CONFIG_LDAP_STRING_ATTRS, null); - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, + ",", false); - mLdapStringAttrs = new String[pAttrs.countTokens()]; + mLdapStringAttrs = new String[pAttrs.countTokens()]; - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()) + .trim(); + } } - } - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); - mldapInitialized = true; + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); + mldapInitialized = true; } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... 
- throw new EProfileException("ldap init failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); } - } + } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); -ldapInit(); + ldapInit(); try { // cfu - this goes to ldap String subjectName = getSubjectName(request); @@ -334,22 +328,23 @@ ldapInit(); name = new X500Name(subjectName); } catch (IOException e) { // failed to build x500 name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + + e.toString()); } if (name == null) { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) throws EProfileException, + IOException { CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); 
@@ -360,10 +355,10 @@ ldapInit(); String sbjname = ""; if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); } return sbjname; } 
@@ -384,34 +379,38 @@ ldapInit(); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } // retrieve the attributes // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + + mBaseDN); + LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "(" + + searchName + "=" + request.getExtDataInString("uid") + + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); userdn = entry.getDN(); } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + + searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + + searchName + " = " + request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, 
LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, + "objectclass=*", mLdapStringAttrs, false); if (!results.hasMoreElements()) { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); 
@@ -420,29 +419,34 @@ ldapInit(); entry = results.next(); // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+ - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); - } + LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + + mLdapStringAttrs[i] + + "=" + + escapeValueRfc1779(sla[0], false).toString()); + request.setExtData(mLdapStringAttrs[i], + escapeValueRfc1779(sla[0], false).toString()); + } } - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request"); } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + + e.toString()); + throw new EProfileException("getSubjectName() failure: " + + e.toString()); } finally { try { if (conn != null) mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); + } catch (Exception e) { + throw new EProfileException( + "nsTokenUserKeySubjectNameDefault: getSubjectName(): 
connection return failure"); } } return sbjname; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java index d067f1e68..88255c3e5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -35,23 +34,19 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request + * This class implements the certificate request input. This input populates 2 + * main fields to the enrollment page: 1/ Certificate Request Type, 2/ + * Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CMCCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; +public class CMCCertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; 
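Review bot: The `throw new EProfileException(...)` inside the `finally` block of `getSubjectName` replaces whatever exception is already propagating, so a failure in `mConnFactory.returnConn(conn)` hides the "getSubjectName() failure: ..." exception raised in the catch block just above it. Log the return failure instead of throwing from `finally`: `CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure " + e.toString());`. In the same hunk `sla[0]` is read without checking that `getStringValueArray()` returned at least one value, and the directory attribute values are written to the debug log, which may be unwanted for personal data. The method starts outside this hunk.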
@@ -63,7 +58,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -87,39 +82,38 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), + cert_request); if (msgs == null) { - return; + return; } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillTaggedRequest(getLocale(request), + msgs[seqNum.intValue()], info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); - } + return new Descriptor(IDescriptor.CERT_REQUEST, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ")); + } return null; } } 
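Review bot: `populate` in CMCCertReqInput indexes `msgs[seqNum.intValue()]` without comparing the value with `msgs.length`; `msgs` is parsed from the submitted `cert_request`, so a sequence number outside the array surfaces as an unchecked ArrayIndexOutOfBoundsException rather than an EProfileException. Add a range check after the null test, e.g. `if (seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length) throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM"));`. The comment `// This profile only handle the first request in CRMF` also does not match the code, which parses CMC and selects the element by `seqNum` rather than index 0.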
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java index 12a4f549b..241d6c017 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -38,23 +37,19 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request + * This class implements the certificate request input. This input populates 2 + * main fields to the enrollment page: 1/ Certificate Request Type, 2/ + * Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; +public class CertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; 
@@ -67,7 +62,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -91,97 +86,97 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE); String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (cert_request_type == null) { - CMS.debug("CertReqInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + CMS.debug("CertReqInput: populate - invalid cert request type " + + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); } if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), + cert_request); if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile + .fillPKCS10(getLocale(request), pkcs10, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request); + DerInputStream keygen = mEnrollProfile.parseKeyGen( + getLocale(request), cert_request); if (keygen == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, 
request); + mEnrollProfile + .fillKeyGen(getLocale(request), keygen, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), + cert_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request - ); + mEnrollProfile.fillCertReqMsg(getLocale(request), + msgs[seqNum.intValue()], info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), + cert_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + if (seqNum == null) { + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); + 
mEnrollProfile.fillTaggedRequest(getLocale(request), + msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("CertReqInput: populate - invalid cert request type " + - cert_request_type); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - cert_request_type)); + CMS.debug("CertReqInput: populate - invalid cert request type " + + cert_request_type); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", cert_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, - null, + return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); + "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); } else if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); + return new Descriptor(IDescriptor.CERT_REQUEST, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java index b887807cc..227dbc799 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; 
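Review bot: In the `REQ_TYPE_CRMF` branch of `populate`, `seqNum` is dereferenced in `msgs[seqNum.intValue()]` without the null check that the `REQ_TYPE_CMC` branch performs further down. A request with no `REQUEST_SEQ_NUM` ext-data would therefore fail with a NullPointerException instead of the localized `CMS_PROFILE_UNKNOWN_SEQ_NUM` error. Adding `if (seqNum == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); }` before `fillCertReqMsg` would make the two branches agree. Neither branch checks `seqNum` against `msgs.length` before indexing, so a range check belongs next to the null check. The comment in the CMC branch still reads "first request in CRMF", which looks copied from the CRMF branch.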
@@ -37,26 +36,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the dual key generation input. - * This input populates parameters to the enrollment - * pages so that a CRMF request containing 2 certificate - * requests will be generated. + * This class implements the dual key generation input. This input populates + * parameters to the enrollment pages so that a CRMF request containing 2 + * certificate requests will be generated. * <p> - * - * This input can only be used with Netscape 7.x or later - * clients. + * + * This input can only be used with Netscape 7.x or later clients. * <p> - * + * * @version $Revision$, $Date$ */ -public class DualKeyGenInput extends EnrollInput implements IProfileInput { +public class DualKeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +63,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } 
@@ -92,73 +86,73 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { - CMS.debug("DualKeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + CMS.debug("DualKeyGenInput: populate - invalid cert request type " + + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); } if (keygen_request_type.startsWith("pkcs10")) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), + keygen_request); - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile + .fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith("keygen")) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); + DerInputStream keygen = mEnrollProfile.parseKeyGen( + getLocale(request), keygen_request); - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile + .fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith("crmf")) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), + keygen_request); if (msgs == null) { throw new 
EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillCertReqMsg(getLocale(request), + msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. 
*/ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); + null, CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, - null, + return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java index 1eaf476b9..71b7a97cd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -41,16 +40,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the base enrollment input. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollInput implements IProfileInput { +public abstract class EnrollInput implements IProfileInput { - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; protected IConfigStore mConfig = null; protected Vector mValueNames = new Vector(); 
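Review bot: The `pkcs10` and `keygen` branches of `populate` pass the result of `parsePKCS10` / `parseKeyGen` straight to `fillPKCS10` / `fillKeyGen`, whereas CertReqInput and KeyGenInput in this same commit treat a null result as an error and throw `CMS_PROFILE_NO_CERT_REQ`. If those parsers can return null, as the sibling classes assume, this class needs the same guard, e.g. `if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); }`. The branches also match on the literals `"pkcs10"`, `"keygen"` and `"crmf"` where the siblings use `EnrollProfile.REQ_TYPE_PKCS10` and its companions; switching to the constants (assuming their values match) would keep the three inputs consistent. As in CertReqInput, `seqNum` is not checked against `msgs.length` before `msgs[seqNum.intValue()]`.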
@@ -58,12 +55,12 @@ public abstract class EnrollInput implements IProfileInput { protected IProfile mProfile = null; protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; mProfile = profile; } @@ -74,17 +71,17 @@ public abstract class EnrollInput implements IProfileInput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return localized input name */ @@ -92,23 +89,21 @@ public abstract class EnrollInput implements IProfileInput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return localized input description */ public abstract String getText(Locale locale); /** - * Retrieves the descriptor of the given value - * property by name. - * + * Retrieves the descriptor of the given value property by name. + * * @param locale user locale * @param name property name * @return descriptor of the property */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - public void addValueName(String name) { mValueNames.addElement(name); } @@ -128,8 +123,7 @@ public abstract class EnrollInput implements IProfileInput { return mConfigNames.elements(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { 
@@ -141,7 +135,7 @@ public abstract class EnrollInput implements IProfileInput { try { if (mConfig == null) { return null; - } + } if (mConfig.getSubStore("params") != null) { return mConfig.getSubStore("params").getString(name); } @@ -155,7 +149,7 @@ public abstract class EnrollInput implements IProfileInput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -163,14 +157,14 @@ public abstract class EnrollInput implements IProfileInput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } public Locale getLocale(IRequest request) { Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); + String language = request + .getExtDataInString(EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -181,16 +175,16 @@ public abstract class EnrollInput implements IProfileInput { return null; } - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollInput ::in verifyPOP"); + public void verifyPOP(Locale locale, CertReqMsg certReqMsg) + throws EProfileException { + CMS.debug("EnrollInput ::in verifyPOP"); String auditMessage = null; String auditSubjectID = auditSubjectID(); - if (!certReqMsg.hasPop()) { + if (!certReqMsg.hasPop()) { CMS.debug("CertReqMsg has not POP, return"); - return; + return; } ProofOfPossession pop = certReqMsg.getPop(); ProofOfPossession.Type popType = pop.getType(); 
@@ -202,54 +196,53 @@ public abstract class EnrollInput implements IProfileInput { try { if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) { - CMS.debug("skipPOPVerify on, return"); - return; + CMS.debug("skipPOPVerify on, return"); + return; } CMS.debug("POP verification begins:"); CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString( + "ca.requestVerify.token", "internal"); if (tokenName.equals("internal")) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); CMS.debug(e); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_POP_VERIFICATION_ERROR")); } } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. 
+ * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -260,21 +253,17 @@ public abstract class EnrollInput implements IProfileInput { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -289,8 +278,7 @@ public abstract class EnrollInput implements IProfileInput { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java index 70ede1e25..fd1c56a11 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.io.BufferedInputStream; import java.net.URL; import java.net.URLConnection; 
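Review bot: The `cms.skipPOPVerify` early return in `verifyPOP` writes no signed-audit record, so the audit log gives no indication that proof-of-possession checking was switched off for a request; only a `CMS.debug` line marks it. The same holds for the `!certReqMsg.hasPop()` return in the preceding hunk, where `verifyPOP` begins. Neither `ILogger.SUCCESS` nor `ILogger.FAILURE` describes these paths, so at minimum I would document it above the check, for example `// skipPOPVerify disables proof-of-possession verification and is not recorded in the signed audit log`, and consider a separate audit outcome for skipped verification.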
@@ -34,15 +33,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the image - * input that collects a picture. + * This class implements the image input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class FileSigningInput extends EnrollInput implements IProfileInput { +public class FileSigningInput extends EnrollInput implements IProfileInput { public static final String URL = "file_signing_url"; public static final String TEXT = "file_signing_text"; @@ -59,7 +56,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -67,23 +64,24 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); } - public String toHexString(byte data[]) - { + public String toHexString(byte data[]) { StringBuffer sb = new StringBuffer(); for (int i = 0; i < data.length; i++) { int v = data[i] & 0xff; if (v <= 9) { - sb.append("0"); + sb.append("0"); } sb.append(Integer.toHexString(v)); } 
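Review bot: `toHexString` pads with `"0"` only when `v <= 9`, but `Integer.toHexString(v)` also returns a single character for 10 through 15, so bytes 0x0a to 0x0f are written as one hex digit. The string stored under `DIGEST` can then be shorter than expected, and two different digests can render to the same text. That matters here because the value stands for the hash of the file being signed. The condition should be `if (v < 0x10) {`. The end of `toHexString` lies outside this hunk.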
@@ -94,52 +92,50 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(TEXT, ctx.get(TEXT)); request.setExtData(URL, ctx.get(URL)); request.setExtData(DIGEST_TYPE, "SHA256"); - + try { - // retrieve file and calculate the hash - URL url = new URL(ctx.get(URL)); - URLConnection c = url.openConnection(); - c.setAllowUserInteraction(false); - c.setDoInput(true); - c.setDoOutput(false); - c.setUseCaches(false); - c.connect(); - int len = c.getContentLength(); - request.setExtData(SIZE, Integer.toString(len)); - BufferedInputStream is = new BufferedInputStream(c.getInputStream()); - byte data[] = new byte[len]; - is.read(data, 0, len); - is.close(); + // retrieve file and calculate the hash + URL url = new URL(ctx.get(URL)); + URLConnection c = url.openConnection(); + c.setAllowUserInteraction(false); + c.setDoInput(true); + c.setDoOutput(false); + c.setUseCaches(false); + c.connect(); + int len = c.getContentLength(); + request.setExtData(SIZE, Integer.toString(len)); + BufferedInputStream is = new BufferedInputStream(c.getInputStream()); + byte data[] = new byte[len]; + is.read(data, 0, len); + is.close(); - // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA256"); - byte digest[] = digester.digest(data); - request.setExtData(DIGEST, toHexString(digest)); - } catch (Exception e) { - CMS.debug("FileSigningInput populate failure " + e); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_FILE_NOT_FOUND")); + // calculate digest + MessageDigest digester = MessageDigest.getInstance("SHA256"); + byte digest[] = digester.digest(data); + request.setExtData(DIGEST, toHexString(digest)); + } catch (Exception e) { + CMS.debug("FileSigningInput populate failure " + e); + throw new 
EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_FILE_NOT_FOUND")); } } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(URL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_FILE_SIGNING_URL")); } else if (name.equals(TEXT)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java index 5aa85e0ef..a000da17a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements a generic input. * <p> - * + * * @version $Revision$, $Date$ */ -public class GenericInput extends EnrollInput implements IProfileInput { +public class GenericInput extends EnrollInput implements IProfileInput { public static final String CONFIG_NUM = "gi_num"; public static final String CONFIG_DISPLAY_NAME = "gi_display_name"; 
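Review bot: `populate` opens whatever `ctx.get(URL)` holds with `url.openConnection()`, so the server will fetch any scheme and host a requester names, including `file:` and internal addresses, and it then trusts `getContentLength()` for the buffer size. A length of -1 makes `new byte[len]` throw, a very large length is allocated unchecked, and the single `is.read(data, 0, len)` may return fewer bytes than `len`, in which case the digest is computed over a partly zero-filled buffer. The stream is also left open when `read` throws. The sketch below restricts the scheme, bounds the length, reads until the buffer is full and closes the stream in `finally`. `MAX_SIGNED_FILE_BYTES` is a placeholder name for a limit the project would define, and a host allow-list is deployment-specific and not shown.

```java
URL url = new URL(ctx.get(URL));
String scheme = url.getProtocol();
if (!"http".equals(scheme) && !"https".equals(scheme)) {
    // caught below and reported as CMS_PROFILE_FILE_NOT_FOUND
    throw new EProfileException(CMS.getUserMessage(getLocale(request),
            "CMS_PROFILE_FILE_NOT_FOUND"));
}
// … unchanged: openConnection(), connection flags, connect() …
int len = c.getContentLength();
// MAX_SIGNED_FILE_BYTES: placeholder name, limit to be defined by the project
if (len < 0 || len > MAX_SIGNED_FILE_BYTES) {
    throw new EProfileException(CMS.getUserMessage(getLocale(request),
            "CMS_PROFILE_FILE_NOT_FOUND"));
}
request.setExtData(SIZE, Integer.toString(len));
BufferedInputStream is = new BufferedInputStream(c.getInputStream());
byte data[] = new byte[len];
try {
    int off = 0;
    while (off < len) {
        int n = is.read(data, off, len - off);
        if (n < 0) {
            // stream ended before the announced length was received
            throw new EProfileException(CMS.getUserMessage(
                    getLocale(request), "CMS_PROFILE_FILE_NOT_FOUND"));
        }
        off += n;
    }
} finally {
    is.close();
}
// … unchanged: digest calculation …
```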
@@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput { public static final int DEF_NUM = 5; public GenericInput() { - int num = getNum(); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PARAM_NAME + i); - addConfigName(CONFIG_DISPLAY_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } + int num = getNum(); + for (int i = 0; i < num; i++) { + addConfigName(CONFIG_PARAM_NAME + i); + addConfigName(CONFIG_DISPLAY_NAME + i); + addConfigName(CONFIG_ENABLE + i); + } } protected int getNum() { @@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -83,79 +81,78 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT"); } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - v.addElement(getConfig(CONFIG_PARAM_NAME + i)); - } - } - return v.elements(); + Vector v = new Vector(); + int num = getNum(); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { + v.addElement(getConfig(CONFIG_PARAM_NAME + i)); + } + } + return v.elements(); } /** * Populates the request with this policy default. 
*/ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { int num = getNum(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { String param = getConfig(CONFIG_PARAM_NAME + i); request.setExtData(param, ctx.get(param)); - } + } } } public IDescriptor getConfigDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - if (name.equals(CONFIG_PARAM_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); - } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); - } else if (name.equals(CONFIG_ENABLE + i)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); - } + if (name.equals(CONFIG_PARAM_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + + i); + } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_GI_DISPLAY_NAME") + i); + } else if (name.equals(CONFIG_ENABLE + i)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); + } } // for return null; } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. 
*/ public IDescriptor getValueDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - String param = getConfig(CONFIG_PARAM_NAME + i); - if (param != null && param.equals(name)) { - return new Descriptor(IDescriptor.STRING, null, - null, - getConfig(CONFIG_DISPLAY_NAME + i)); - } + String param = getConfig(CONFIG_PARAM_NAME + i); + if (param != null && param.equals(name)) { + return new Descriptor(IDescriptor.STRING, null, null, + getConfig(CONFIG_DISPLAY_NAME + i)); + } } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java index 265b958d4..01d604754 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the image - * input that collects a picture. + * This class implements the image input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class ImageInput extends EnrollInput implements IProfileInput { +public class ImageInput extends EnrollInput implements IProfileInput { public static final String IMAGE_URL = "image_url"; @@ -50,7 +47,7 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
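Review bot: `populate` and `getValueNames` use `getConfig(CONFIG_PARAM_NAME + i)` without the `param != null` guard that `getValueDescriptor` applies in the same hunk. When `getConfig` returns null for an enabled slot, that leads to `request.setExtData(null, ...)` and a null element in the returned enumeration. I would skip such slots, e.g. `if (param == null || param.length() == 0) continue;` in `populate`. The parameter name comes from profile configuration and is used directly as the ext-data key for a request-supplied value, so it is also worth documenting that it must not collide with keys the profile sets itself; this assumes ext-data is a single namespace, which the hunk does not show.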
@@ -72,18 +69,16 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL)); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(IMAGE_URL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java index 00c0ffcf9..370930089 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; 
@@ -38,25 +37,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the key generation input that - * populates parameters to the enrollment page for - * key generation. + * This class implements the key generation input that populates parameters to + * the enrollment page for key generation. * <p> - * - * This input normally is used with user-based or - * non certificate request profile. + * + * This input normally is used with user-based or non certificate request + * profile. * <p> - * + * * @version $Revision$, $Date$ */ -public class KeyGenInput extends EnrollInput implements IProfileInput { +public class KeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +64,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } 
@@ -92,94 +87,97 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { - CMS.debug("KeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + CMS.debug("KeyGenInput: populate - invalid cert request type " + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); } if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), + keygen_request); if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); + mEnrollProfile + .fillPKCS10(getLocale(request), pkcs10, info, request); + } else if (keygen_request_type + .startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { + DerInputStream keygen = mEnrollProfile.parseKeyGen( + getLocale(request), keygen_request); if (keygen == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + 
getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile + .fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), + keygen_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillCertReqMsg(getLocale(request), + msgs[seqNum.intValue()], info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), + keygen_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request + .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - 
mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillTaggedRequest(getLocale(request), + msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); + return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, - null, + return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java index dce75c15d..b464cdf81 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java 
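Review bot: In the CRMF branch of `populate()`, `seqNum` is dereferenced in `msgs[seqNum.intValue()]` without the null check that the CMC branch performs, and neither branch compares the index with `msgs.length`. A request whose sequence number is missing or out of range therefore fails with a NullPointerException or ArrayIndexOutOfBoundsException rather than an EProfileException. Both branches could use one guard, `if (seqNum == null || seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length)`, throwing the existing `CMS_PROFILE_UNKNOWN_SEQ_NUM` message. Separately, the final else branch logs with the prefix `DualKeyGenInput: populate - ` although this class is KeyGenInput, which misattributes the event during log triage.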
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the serial number input - * for renewal + * This class implements the serial number input for renewal * <p> - * - * @author Christina Fu + * + * @author Christina Fu */ -public class SerialNumRenewInput extends EnrollInput implements IProfileInput { +public class SerialNumRenewInput extends EnrollInput implements IProfileInput { public static final String SERIAL_NUM = "serial_num"; @@ -50,7 +47,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -72,19 +69,18 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(SERIAL_NUM)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME")); + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_SERIAL_NUM_NAME")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java index 8691b45c7..d868fefd0 100644 
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This plugin accepts subject DN from end user. */ -public class SubjectDNInput extends EnrollInput implements IProfileInput { +public class SubjectDNInput extends EnrollInput implements IProfileInput { public static final String VAL_SUBJECT = "subject"; @@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -60,58 +58,57 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - v.addElement(VAL_SUBJECT); - return v.elements(); + Vector v = new Vector(); + v.addElement(VAL_SUBJECT); + return v.elements(); } /** * Populates the request with this policy default. 
*/ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + throws EProfileException { + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; subjectName = ctx.get(VAL_SUBJECT); if (subjectName.equals("")) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; try { name = new X500Name(subjectName); } catch (Exception e) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } 
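Review bot: `subjectName.equals("")` in `populate()` throws a NullPointerException when the context has no `subject` value, because the result of `ctx.get(VAL_SUBJECT)` is used unchecked. Other inputs in this commit (KeyGenInput, nsHKeyCertReqInput) test their `ctx.get(...)` results for null, so a null return looks possible here too. The guard should read `if (subjectName == null || subjectName.equals("")) {` so that a missing subject produces the `CMS_PROFILE_SUBJECT_NAME_NOT_FOUND` error. The `String subjectName = "";` initializer is overwritten on the next line and can be folded into the assignment.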
@@ -120,26 +117,23 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SUBJECT)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } return null; } - protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + protected void parseSubjectName(X500Name subj, X509CertInfo info, + IRequest req) throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java index 15f906f99..5288a9c34 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; 
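Review bot: `parseSubjectName()` catches every exception from `req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, ...)` and only writes a debug line, so `populate()` carries on and stores the cert info even when the subject name was never recorded on the request. The method already declares `throws EProfileException`, so the catch block could rethrow, for example `throw new EProfileException(CMS.getUserMessage(getLocale(req), "CMS_PROFILE_INVALID_SUBJECT_NAME", subj.toString()));`; whether any caller relies on the silent behaviour cannot be seen from this hunk. The debug prefix here says `SubjectNameInput` although the class is SubjectDNInput. The identical catch block in SubjectNameInput.java's `parseSubjectName()` (hunk `@@ -329,58 +316,47 @@`) has the same problem.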
@@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the subject name input - * that populates text fields to the enrollment - * page so that distinguished name parameters - * can be collected from the user. + * This class implements the subject name input that populates text fields to + * the enrollment page so that distinguished name parameters can be collected + * from the user. * <p> - * The collected parameters could be used for - * fomulating the subject name in the certificate. + * The collected parameters could be used for fomulating the subject name in the + * certificate. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubjectNameInput extends EnrollInput implements IProfileInput { +public class SubjectNameInput extends EnrollInput implements IProfileInput { public static final String CONFIG_UID = "sn_uid"; public static final String CONFIG_EMAIL = "sn_e"; @@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -96,111 +93,112 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); + return CMS + .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - String c_uid = getConfig(CONFIG_UID); - if (c_uid == null || c_uid.equals("")) { - v.addElement(VAL_UID); // default case - } else { - if (c_uid.equals("true")) { - v.addElement(VAL_UID); - } - } - String c_email = getConfig(CONFIG_EMAIL); - if (c_email == null || c_email.equals("")) { - v.addElement(VAL_EMAIL); - } else { - if (c_email.equals("true")) { - v.addElement(VAL_EMAIL); - } - } - String c_cn = getConfig(CONFIG_CN); - if (c_cn == null || c_cn.equals("")) { - v.addElement(VAL_CN); - } else { - if (c_cn.equals("true")) { - v.addElement(VAL_CN); - } - } - String c_ou3 = getConfig(CONFIG_OU3); - if (c_ou3 == null || c_ou3.equals("")) { - v.addElement(VAL_OU3); - } else { - if (c_ou3.equals("true")) { - v.addElement(VAL_OU3); - } - } - String c_ou2 = getConfig(CONFIG_OU2); - if (c_ou2 == null || c_ou2.equals("")) { - v.addElement(VAL_OU2); - } else { - if (c_ou2.equals("true")) { - v.addElement(VAL_OU2); - } - } - String c_ou1 = getConfig(CONFIG_OU1); - if (c_ou1 
== null || c_ou1.equals("")) { - v.addElement(VAL_OU1); - } else { - if (c_ou1.equals("true")) { - v.addElement(VAL_OU1); - } - } - String c_ou = getConfig(CONFIG_OU); - if (c_ou == null || c_ou.equals("")) { - v.addElement(VAL_OU); - } else { - if (c_ou.equals("true")) { - v.addElement(VAL_OU); - } - } - String c_o = getConfig(CONFIG_O); - if (c_o == null || c_o.equals("")) { - v.addElement(VAL_O); - } else { - if (c_o.equals("true")) { - v.addElement(VAL_O); - } - } - String c_c = getConfig(CONFIG_C); - if (c_c == null || c_c.equals("")) { - v.addElement(VAL_C); - } else { - if (c_c.equals("true")) { - v.addElement(VAL_C); - } - } - return v.elements(); + Vector v = new Vector(); + String c_uid = getConfig(CONFIG_UID); + if (c_uid == null || c_uid.equals("")) { + v.addElement(VAL_UID); // default case + } else { + if (c_uid.equals("true")) { + v.addElement(VAL_UID); + } + } + String c_email = getConfig(CONFIG_EMAIL); + if (c_email == null || c_email.equals("")) { + v.addElement(VAL_EMAIL); + } else { + if (c_email.equals("true")) { + v.addElement(VAL_EMAIL); + } + } + String c_cn = getConfig(CONFIG_CN); + if (c_cn == null || c_cn.equals("")) { + v.addElement(VAL_CN); + } else { + if (c_cn.equals("true")) { + v.addElement(VAL_CN); + } + } + String c_ou3 = getConfig(CONFIG_OU3); + if (c_ou3 == null || c_ou3.equals("")) { + v.addElement(VAL_OU3); + } else { + if (c_ou3.equals("true")) { + v.addElement(VAL_OU3); + } + } + String c_ou2 = getConfig(CONFIG_OU2); + if (c_ou2 == null || c_ou2.equals("")) { + v.addElement(VAL_OU2); + } else { + if (c_ou2.equals("true")) { + v.addElement(VAL_OU2); + } + } + String c_ou1 = getConfig(CONFIG_OU1); + if (c_ou1 == null || c_ou1.equals("")) { + v.addElement(VAL_OU1); + } else { + if (c_ou1.equals("true")) { + v.addElement(VAL_OU1); + } + } + String c_ou = getConfig(CONFIG_OU); + if (c_ou == null || c_ou.equals("")) { + v.addElement(VAL_OU); + } else { + if (c_ou.equals("true")) { + v.addElement(VAL_OU); + } + } + String c_o = 
getConfig(CONFIG_O); + if (c_o == null || c_o.equals("")) { + v.addElement(VAL_O); + } else { + if (c_o.equals("true")) { + v.addElement(VAL_O); + } + } + String c_c = getConfig(CONFIG_C); + if (c_c == null || c_c.equals("")) { + v.addElement(VAL_C); + } else { + if (c_c.equals("true")) { + v.addElement(VAL_C); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + throws EProfileException { + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; String uid = ctx.get(VAL_UID); 
@@ -269,59 +267,48 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { subjectName += "C=" + c; } if (subjectName.equals("")) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; try { name = new X500Name(subjectName); } catch (Exception e) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_UID)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(CONFIG_CN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); } else if (name.equals(CONFIG_OU3)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_OU2)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if 
(name.equals(CONFIG_OU1)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_OU)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_O)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); } else if (name.equals(CONFIG_C)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); } else { return null; 
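Review bot: `subjectName += "C=" + c;` builds the DN by plain string concatenation before it is parsed with `new X500Name(subjectName)`, so a component value containing DN metacharacters can change the structure of the resulting subject. `populate()` starts outside this hunk, so it is assumed rather than shown that `c` and the other components come from `ctx.get(...)` like `uid` does. A comment such as `// NOTE(review): DN components are concatenated unescaped; escape or reject , + " \ < > ; before building subjectName` would record the gap until the values are escaped or the name is built from separate attributes. In `getConfigDescriptor()`, the `CONFIG_EMAIL` branch labels the field with `"CMS_PROFILE_SN_UID"`; `getValueDescriptor()` uses `"CMS_PROFILE_SN_EMAIL"` for the email value, which is presumably what was intended here as well.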
@@ -329,58 +316,47 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_UID)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL")); } else if (name.equals(VAL_CN)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); } else if (name.equals(VAL_OU3)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3"); } else if (name.equals(VAL_OU2)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2"); } else if (name.equals(VAL_OU1)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1"); } else if (name.equals(VAL_OU)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(VAL_O)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); } else if (name.equals(VAL_C)) { - return new Descriptor(IDescriptor.STRING, 
null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); } return null; } - protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + protected void parseSubjectName(X500Name subj, X509CertInfo info, + IRequest req) throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java index 52df2d418..f45a0c380 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,16 +29,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements the submitter information - * input that collects certificate requestor's - * information such as name, email and phone. + * This class implements the submitter information input that collects + * certificate requestor's information such as name, email and phone. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubmitterInfoInput extends EnrollInput implements IProfileInput { +public class SubmitterInfoInput extends EnrollInput implements IProfileInput { public static final String NAME = "requestor_name"; public static final String EMAIL = "requestor_email"; 
@@ -55,7 +52,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -77,26 +74,22 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME")); } else if (name.equals(EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL")); } else if (name.equals(PHONE)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java index 64988fed3..4b46f3c60 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; 
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ token cuid, 2/ publickey + * This class implements the certificate request input from TPS. This input + * populates 2 main fields to the enrollment "page": 1/ token cuid, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests + * coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_TOKEN_CUID = "tokencuid"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -70,94 +67,86 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } - /* - * Pretty print token cuid - */ - public String toPrettyPrint(String cuid) - { - if (cuid == null) - return null; - - if (cuid.length() != 20) - return null; - - StringBuffer sb = new StringBuffer(); - for (int i=0; i < cuid.length(); i++) { - if (i == 4 || i == 8 || i == 12 || i == 16) { - sb.append("-"); - } - sb.append(cuid.charAt(i)); - } - return sb.toString(); - } + /* + * Pretty print token cuid + */ + public String toPrettyPrint(String cuid) { + if (cuid == null) + return null; + + if (cuid.length() != 20) + return null; + + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < cuid.length(); i++) { + if (i == 4 || i == 8 || i == 12 || i == 16) { + sb.append("-"); + } + sb.append(cuid.charAt(i)); + } + return sb.toString(); + } /** * Populates the request with this policy default. 
*/ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String tcuid = ctx.get(VAL_TOKEN_CUID); - // pretty print tcuid - String prettyPrintCuid = toPrettyPrint(tcuid); - if (prettyPrintCuid == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); - } + // pretty print tcuid + String prettyPrintCuid = toPrettyPrint(tcuid); + if (prettyPrintCuid == null) { + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", "")); + } - request.setExtData("pretty_print_tokencuid", prettyPrintCuid); + request.setExtData("pretty_print_tokencuid", prettyPrintCuid); String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (tcuid == null) { - CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); + CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", "")); } if (pk == null) { - CMS.debug("nsHKeyCertReqInput: populate - public key not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.debug("nsHKeyCertReqInput: populate - public key not found " + + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", "")); } - mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); + mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the 
descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_TOKEN_CUID)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java index 58984c6c3..3c80835c4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; 
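Review bot: The `if (tcuid == null)` block in `populate()` can never run, because `toPrettyPrint(tcuid)` is called first and returns null for a null CUID, which already throws `CMS_PROFILE_TOKENKEY_NO_TOKENCUID`. The `tokencuid not found` debug line is therefore never written, and a missing CUID cannot be told apart from one with the wrong length. Moving the `tcuid == null` and `pk == null` checks above the `toPrettyPrint(tcuid)` call restores the intended order. `toPrettyPrint()` checks only `cuid.length() != 20`; if the CUID is expected to be 20 hex digits (not confirmed by this hunk), `if (!cuid.matches("[0-9a-fA-F]{20}")) return null;` would stop arbitrary text from being stored under `pretty_print_tokencuid`.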
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ id, 2/ publickey + * This class implements the certificate request input from TPS. This input + * populates 2 main fields to the enrollment "page": 1/ id, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests + * coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_SN = "screenname"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -70,62 +67,56 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String sn = ctx.get(VAL_SN); String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = request + .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (sn == null) { - CMS.debug("nsNKeyCertReqInput: populate - id not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_ID", - "")); + CMS.debug("nsNKeyCertReqInput: populate - id not found " + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_ID", "")); } if (pk == null) { - CMS.debug("nsNKeyCertReqInput: populate - public key not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.debug("nsNKeyCertReqInput: populate - public key not found " + + ""); + throw new EProfileException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", "")); } - mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); + mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); 
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SN)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, - null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java index 999bdc67e..66d34c6e2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; 
@@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * CMMF response for the issued certificate. - * + * This class implements the output plugin that outputs CMMF response for the + * issued certificate. + * * @version $Revision$, $Date$ */ -public class CMMFOutput extends EnrollOutput implements IProfileOutput { +public class CMMFOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_CMMF_RESPONSE = "cmmf_response"; @@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -88,72 +86,66 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_CMMF_RESPONSE)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CMMF_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CMMF_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_CMMF_RESPONSE)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - byte[][] caPubs = new byte[cacerts.length][]; - - for (int j = 0; j 
< cacerts.length; j++) { - caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); - } - - CertRepContent certRepContent = null; - certRepContent = new CertRepContent(caPubs); - - PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); - CertResponse resp = - new CertResponse(new INTEGER(request.getRequestId().toString()), - status, certifiedKP); - certRepContent.addCertResponse(resp); - - ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); - certRepContent.encode(certRepOut); - byte[] certRepBytes = certRepOut.toByteArray(); - - return CMS.BtoA(certRepBytes); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + byte[][] caPubs = new byte[cacerts.length][]; + + for (int j = 0; j < cacerts.length; j++) { + caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); + } + + CertRepContent certRepContent = null; + certRepContent = new CertRepContent(caPubs); + + PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); + CertifiedKeyPair certifiedKP = new CertifiedKeyPair( + new CertOrEncCert(cert.getEncoded())); + CertResponse resp = new CertResponse(new INTEGER(request + .getRequestId().toString()), status, certifiedKP); + certRepContent.addCertResponse(resp); + + ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); + certRepContent.encode(certRepOut); + byte[] certRepBytes = certRepOut.toByteArray(); + + return CMS.BtoA(certRepBytes); } catch (Exception e) { - return null; + return null; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java index 7a2631da4..ae71532d0 100644 
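Review bot: The `VAL_PRETTY_CERT` branch of `getValue` passes the result of `request.getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT)` straight to `CMS.getCertPrettyPrint(cert)` without the null check that the `VAL_CMMF_RESPONSE` branch below it performs. A request that carries no issued certificate would reach the pretty-printer with null; whether that throws is not visible here, but the same branch in CertOutput and PKCS7Output returns early. I would add `if (cert == null) return null;` right after the lookup so the three output plugins agree. The closing braces of `getValue` lie outside this hunk.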
--- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the pretty print certificate output - * that displays the issued certificate in a pretty print format. - * + * This class implements the pretty print certificate output that displays the + * issued certificate in a pretty print format. + * * @version $Revision$, $Date$ */ -public class CertOutput extends EnrollOutput implements IProfileOutput { +public class CertOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_B64_CERT = "b64_cert"; @@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -76,44 +74,39 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_B64_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_B64_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - return CMS.getEncodedCert(cert); + return CMS.getEncodedCert(cert); } else { return null; } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java index 3013e8810..64c61f437 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the basic enrollment output. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollOutput implements IProfileOutput { +public abstract class EnrollOutput implements IProfileOutput { private IConfigStore mConfig = null; private Vector mValueNames = new Vector(); protected Vector mConfigNames = new Vector(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } 
@@ -60,28 +58,26 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** - * Retrieves the descriptor of the given value - * parameter by name. - * + * Retrieves the descriptor of the given value parameter by name. + * * @param locale user locale * @param name property name * @return property descriptor */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return output policy name */ @@ -89,7 +85,7 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return output policy description */ @@ -103,7 +99,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -111,7 +107,7 @@ public abstract class EnrollOutput implements IProfileOutput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } @@ -123,8 +119,7 @@ public abstract class EnrollOutput implements IProfileOutput { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { } public String getConfig(String name) { 
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java index 657184813..01550c1a3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * PKCS7 for the issued certificate. - * + * This class implements the output plugin that outputs PKCS7 for the issued + * certificate. + * * @version $Revision$, $Date$ */ -public class PKCS7Output extends EnrollOutput implements IProfileOutput { +public class PKCS7Output extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_PKCS7 = "pkcs7"; @@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -85,72 +83,65 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_PKCS7)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_PKCS7_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_PKCS7_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + return null; + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_PKCS7)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - X509CertImpl[] userChain = new 
X509CertImpl[cacerts.length + 1]; - int m = 1, n = 0; - - for (; n < cacerts.length; m++, n++) { - userChain[m] = (X509CertImpl) cacerts[n]; - } - - userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos); - byte[] p7Bytes = bos.toByteArray(); - String p7Str = CMS.BtoA(p7Bytes); - - return p7Str; + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; + int m = 1, n = 0; + + for (; n < cacerts.length; m++, n++) { + userChain[m] = (X509CertImpl) cacerts[n]; + } + + userChain[0] = cert; + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), userChain, new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos); + byte[] p7Bytes = bos.toByteArray(); + String p7Str = CMS.BtoA(p7Bytes); + + return p7Str; } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java index 90aa40a14..31a1ddbae 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; 
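Review bot: The `catch (Exception e) { return ""; }` that closes the `VAL_PKCS7` branch drops every failure from the CA chain lookup, the `(X509CertImpl) cacerts[n]` cast and `encodeSignedData` without a trace, and returns an empty string where a missing certificate yields null. An operator then cannot tell an encoding or CA-subsystem fault from an empty output. I would log before returning, e.g. `CMS.debug("PKCS7Output: getValue " + e.toString());`, and return null to match the other paths unless callers are known to depend on the empty string. The `getValue` hunks of nsNKeyOutput (`return "";`) and CMMFOutput (`return null;`) swallow the exception the same way. `getValue` closes outside this hunk.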
@@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** - * This class implements the output plugin that outputs - * DER for the issued certificate for token keys - * + * This class implements the output plugin that outputs DER for the issued + * certificate for token keys + * * @version $Revision$, $Date$ */ -public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { +public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_DER = "der"; @@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -60,49 +58,48 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT"); + return CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT"); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value - * parameter by name. + * Retrieves the descriptor of the given value parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_DER)) { - return new Descriptor("der_b64", null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_DER_B64")); + return new Descriptor("der_b64", null, null, CMS.getUserMessage( + locale, "CMS_PROFILE_OUTPUT_DER_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_DER)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.BtoA(cert.getEncoded()); + X509CertImpl cert = request + .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + return CMS.BtoA(cert.getEncoded()); } catch (Exception e) { - return ""; + return ""; } } else { return null; 
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java index 69803421a..e48b85a31 100644 --- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java @@ -43,8 +43,8 @@ import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.profile.common.EnrollProfile; /** - * This updater class will create the new user to the subsystem group and - * then add the subsystem certificate to the user. + * This updater class will create the new user to the subsystem group and then + * add the subsystem certificate to the user. * * @version $Revision$, $Date$ */ @@ -57,8 +57,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { private Vector mConfigNames = new Vector(); private Vector mValueNames = new Vector(); - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********"; private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown"; private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; @@ -67,8 +66,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { public SubsystemGroupUpdater() { } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { mConfig = config; mProfile = profile; mEnrollProfile = (EnrollProfile) profile; 
@@ -82,8 +81,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -108,8 +106,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return mConfig; } - public void update(IRequest req, RequestStatus status) - throws EProfileException { + public void update(IRequest req, RequestStatus status) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -119,41 +117,45 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; } - X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = req + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return; IConfigStore mainConfig = CMS.getConfigStore(); - - int num=0; + + int num = 0; try { num = mainConfig.getInteger("subsystem.count", 0); - } catch (Exception e) {} + } catch (Exception e) { + } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String requestor_name = "subsystem"; try { - requestor_name = req.getExtDataInString("requestor_name"); + requestor_name = req.getExtDataInString("requestor_name"); } catch (Exception e1) { - // ignore + // ignore } // i.e. tps-1.2.3.4-4 String id = requestor_name; - + num++; mainConfig.putInteger("subsystem.count", num); - + try { mainConfig.commit(false); } catch (Exception e) { } - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + - "+fullname;;" + id + - "+state;;1" + - "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + + "+Resource;;" + + id + + "+fullname;;" + + id + + "+state;;1" + + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; IUser user = null; CMS.debug("SubsystemGroupUpdater adduser"); @@ -171,11 +173,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { system.addUser(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.SUCCESS, auditParams); audit(auditMessage); String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE; 
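Review bot: `id` is taken from `req.getExtDataInString("requestor_name")` and concatenated unescaped into `auditParams`, whose fields are separated by `+` and `;;`, so a name containing those delimiters can add or overwrite name-value pairs in the signed audit record. If the requestor name is supplied by the enrolling party (not visible here), it should be checked against a narrow character set matching the `tps-1.2.3.4-4` form noted in the comment, and rejected with an `EProfileException` otherwise, before it is used as user id or audit resource. The lookup can also replace the `"subsystem"` default with null if the key is absent and no exception is thrown, which is worth an explicit `if (requestor_name == null) requestor_name = "subsystem";`. The same `id` reaches the user and group calls further down, and the `ENTRY_ALREADY_EXISTS` branch in the `@@ -192` hunk continues without writing an audit record, so a name that collides with an existing user deserves a check too. `update` starts before and ends after this hunk.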
@@ -192,57 +191,49 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } b64 = sb.toString(); } catch (Exception ence) { - CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence); + CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + + ence); } - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + - "+cert;;"+ b64; + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + + "+Resource;;" + id + "+cert;;" + b64; system.addUserCert(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.SUCCESS, auditParams); audit(auditMessage); } catch (LDAPException e) { CMS.debug("UpdateSubsystemGroup: update " + e.toString()); if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams); audit(auditMessage); - throw new EProfileException(e.toString()); + throw new EProfileException(e.toString()); } } catch (Exception e) { CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString()); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams); audit(auditMessage); throw new EProfileException(e.toString()); } IGroup group = null; String groupName = "Subsystem Group"; - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + - "+Resource;;"+ groupName; + auditParams = 
"Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + + "+Resource;;" + groupName; try { group = system.getGroupFromName(groupName); - + auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } @@ -252,10 +243,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { system.modifyGroup(group); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams); audit(auditMessage); CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group."); @@ -263,12 +252,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater { CMS.debug("UpdateSubsystemGroup: update: user already a member of the group"); } } catch (Exception e) { - CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString()); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + CMS.debug("UpdateSubsystemGroup update: modifyGroup " + + e.toString()); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams); audit(auditMessage); } } @@ -286,11 +273,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } private String auditSubjectID() { 
@@ -304,8 +288,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); |