Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile')
89 files changed, 4519 insertions, 4541 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index 68c706f5f..2f95f91bc 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** * This class implements a basic profile. - * + * * @version $Revision$, $Date$ */ public abstract class BasicProfile implements IProfile { @@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile { public static final String PROP_NAME = "name"; public static final String PROP_DESC = "desc"; public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT= "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl"; + public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; + public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; protected IProfileSubsystem mOwner = null; protected IConfigStore mConfig = null; 
@@ -145,19 +143,19 @@ public abstract class BasicProfile implements IProfile { public IProfileAuthenticator getAuthenticator() throws EProfileException { try { IAuthSubsystem authSub = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IProfileAuthenticator auth = (IProfileAuthenticator) - authSub.get(mAuthInstanceId); + authSub.get(mAuthInstanceId); - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + + if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 + && auth == null) { + throw new EProfileException("Cannot load " + mAuthInstanceId); } return auth; } catch (Exception e) { if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + + throw new EProfileException("Cannot load " + mAuthInstanceId); } return null; @@ -167,7 +165,7 @@ public abstract class BasicProfile implements IProfile { public String getRequestorDN(IRequest request) { return null; } - + public String getAuthenticatorId() { return mAuthInstanceId; } @@ -185,7 +183,7 @@ public abstract class BasicProfile implements IProfile { * Initializes this profile. */ public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { CMS.debug("BasicProfile: start init"); mOwner = owner; mConfig = config; @@ -214,7 +212,7 @@ public abstract class BasicProfile implements IProfile { mAuthzAcl = config.getString("authz.acl", ""); } catch (EBaseException e) { CMS.debug("BasicProfile: authentication class not found " + - e.toString()); + e.toString()); } // handle profile input plugins 
@@ -224,7 +222,7 @@ public abstract class BasicProfile implements IProfile { while (input_st.hasMoreTokens()) { String input_id = (String) input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." + + String inputClassId = inputStore.getString(input_id + "." + PROP_CLASS_ID); IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", inputClassId); @@ -234,12 +232,12 @@ public abstract class BasicProfile implements IProfile { try { input = (IProfileInput) - Class.forName(inputClass).newInstance(); + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " + - inputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: input plugin Class.forName " + + inputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore inputConfig = inputStore.getSubStore(input_id); input.init(this, inputConfig); @@ -255,7 +253,7 @@ public abstract class BasicProfile implements IProfile { while (output_st.hasMoreTokens()) { String output_id = (String) output_st.nextToken(); - String outputClassId = outputStore.getString(output_id + "." + + String outputClassId = outputStore.getString(output_id + "." + PROP_CLASS_ID); IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", outputClassId); @@ -265,12 +263,12 @@ public abstract class BasicProfile implements IProfile { try { output = (IProfileOutput) - Class.forName(outputClass).newInstance(); + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " + - outputClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: output plugin Class.forName " + + outputClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore outputConfig = outputStore.getSubStore(output_id); output.init(this, outputConfig); 
@@ -286,7 +284,7 @@ public abstract class BasicProfile implements IProfile { while (updater_st.hasMoreTokens()) { String updater_id = (String) updater_st.nextToken(); - String updaterClassId = updaterStore.getString(updater_id + "." + + String updaterClassId = updaterStore.getString(updater_id + "." + PROP_CLASS_ID); IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", updaterClassId); @@ -296,12 +294,12 @@ public abstract class BasicProfile implements IProfile { try { updater = (IProfileUpdater) - Class.forName(updaterClass).newInstance(); + Class.forName(updaterClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " + - updaterClass + " " + e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("BasicProfile: updater plugin Class.forName " + + updaterClass + " " + e.toString()); + throw new EBaseException(e.toString()); } IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); updater.init(this, updaterConfig); @@ -325,15 +323,15 @@ public abstract class BasicProfile implements IProfile { String id = (String) st1.nextToken(); String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." + + String defaultClassId = policyStore.getString(defaultRoot + "." + PROP_CLASS_ID); String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = - policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); + String constraintClassId = + policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); + createProfilePolicy(setId, id, defaultClassId, + constraintClassId, false); } } CMS.debug("BasicProfile: done init"); 
@@ -380,20 +378,20 @@ public abstract class BasicProfile implements IProfile { } public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return null; } public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { + String value) throws EProfileException { } public Enumeration<String> getProfilePolicySetIds() { return mPolicySet.keys(); } - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { + public void deleteProfilePolicy(String setId, String policyId) + throws EProfileException { Vector<ProfilePolicy> policies = mPolicySet.get(setId); if (policies == null) { @@ -443,10 +441,10 @@ public abstract class BasicProfile implements IProfile { while (st1.hasMoreTokens()) { String e = st1.nextToken(); - if (!e.equals(setId)) + if (!e.equals(setId)) newlist1 = newlist1 + e + ","; } - if (!newlist1.equals("")) + if (!newlist1.equals("")) newlist1 = newlist1.substring(0, newlist1.length() - 1); policySetSubStore.putString(PROP_POLICY_LIST, newlist1); } @@ -454,8 +452,8 @@ public abstract class BasicProfile implements IProfile { } } - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -496,8 +494,8 @@ public abstract class BasicProfile implements IProfile { mInputs.remove(inputId); mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } 
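Review bot: The empty `catch (Exception e) { }` after `mConfig.commit(false)` in the -454 hunk hides a failed write of the profile configuration, and the same pattern closes the hunks at -496 and -537. In those two hunks the in-memory maps have already been changed (`mInputs.remove(inputId)`, `mOutputs.remove(outputId)`), so the running profile and the stored one can disagree with no trace for the administrator. At minimum record the failure the way the create paths in this file do, `CMS.debug("BasicProfile: commit failed " + e.toString());`; raising `EProfileException` would be better where the method signature allows it. The commit only re-indents these lines, and the method bodies start outside the hunks.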
@@ -537,24 +535,23 @@ public abstract class BasicProfile implements IProfile { mOutputs.remove(outputId); mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } } - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); + public IProfileOutput createProfileOutput(String id, String outputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileOutput(id, outputId, nvps, true); } public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) + NameValuePairs nvps, boolean createConfig) - - throws EProfileException { + throws EProfileException { IConfigStore outputStore = mConfig.getSubStore("output"); String output_list = null; @@ -618,7 +615,7 @@ public abstract class BasicProfile implements IProfile { String prefix = id + "."; outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); + outputInfo.getName(Locale.getDefault())); outputStore.putString(prefix + "class_id", outputId); Enumeration<String> enum1 = nvps.getNames(); 
@@ -628,17 +625,17 @@ public abstract class BasicProfile implements IProfile { outputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (output != null) { - output.setConfig(name, nvps.getValue(name)); - } + if (output != null) { + output.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -648,15 +645,15 @@ public abstract class BasicProfile implements IProfile { return output; } - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileInput(id, inputId, nvps, true); + public IProfileInput createProfileInput(String id, String inputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileInput(id, inputId, nvps, true); } public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) - throws EProfileException { + NameValuePairs nvps, boolean createConfig) + throws EProfileException { IConfigStore inputStore = mConfig.getSubStore("input"); String input_list = null; @@ -720,10 +717,10 @@ public abstract class BasicProfile implements IProfile { } String prefix = id + "."; - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); + inputStore.putString(prefix + "name", + inputInfo.getName(Locale.getDefault())); inputStore.putString(prefix + "class_id", inputId); - + Enumeration<String> enum1 = nvps.getNames(); while (enum1.hasMoreElements()) { 
@@ -731,17 +728,17 @@ public abstract class BasicProfile implements IProfile { inputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (input != null) { - input.setConfig(name, nvps.getValue(name)); - } + if (input != null) { + input.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); 
@@ -754,33 +751,33 @@ public abstract class BasicProfile implements IProfile { /** * Creates a profile policy */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId) + throws EProfileException { + return createProfilePolicy(setId, id, defaultClassId, constraintClassId, true); } - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) - throws EProfileException { - + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId, + boolean createConfig) + throws EProfileException { + // String setId ex: policyset.set1 // String id Id of policy : examples: p1,p2,p3 // String defaultClassId : id of the default plugin ex: validityDefaultImpl // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl // boolean createConfig : true : being called from the console. false: being called from server startup code - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); IConfigStore policyStore = mConfig.getSubStore("policyset." + setId); if (policies == null) { policies = new Vector<ProfilePolicy>(); mPolicySet.put(setId, policies); - if (createConfig) { + if (createConfig) { // re-create policyset.list - StringBuffer setlist =new StringBuffer(); + StringBuffer setlist = new StringBuffer(); Enumeration<String> keys = mPolicySet.keys(); while (keys.hasMoreElements()) { 
@@ -794,50 +791,50 @@ public abstract class BasicProfile implements IProfile { mConfig.putString("policyset.list", setlist.toString()); } } else { - String ids = null; + String ids = null; - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } + try { + ids = policyStore.getString(PROP_POLICY_LIST, ""); + } catch (Exception ee) { + } - if( ids == null ) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" ); - return null; - } + if (ids == null) { + CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); + return null; + } - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; + StringTokenizer st1 = new StringTokenizer(ids, ","); + int appearances = 0; + int appearancesTooMany = 0; + if (createConfig) + appearancesTooMany = 1; + else + appearancesTooMany = 2; - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " + id); - } + while (st1.hasMoreTokens()) { + String pid = st1.nextToken(); + if (pid.equals(id)) { + appearances++; + if (appearances >= appearancesTooMany) { + CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); + if (createConfig) { + throw new EProfileException("Duplicate policy id: " + id); } } } + } } // Now make sure we aren't trying to add a policy that already exists IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; + String setlist = null; try { setlist = policySetStore.getString("list", ""); } catch (Exception e) { } StringTokenizer st = new StringTokenizer(setlist, ","); - int matches = 0; + int matches = 0; while (st.hasMoreTokens()) { String 
sId = (String) st.nextToken(); @@ -846,10 +843,10 @@ public abstract class BasicProfile implements IProfile { continue; } IConfigStore pStore = policySetStore.getSubStore(sId); - + String list = null; try { - list = pStore.getString(PROP_POLICY_LIST, ""); + list = pStore.getString(PROP_POLICY_LIST, ""); } catch (Exception e) { CMS.debug("WARNING, can't get policy id list!"); } @@ -862,9 +859,9 @@ public abstract class BasicProfile implements IProfile { String defaultRoot = curId + "." + PROP_DEFAULT; String curDefaultClassId = null; try { - curDefaultClassId = pStore.getString(defaultRoot + "." + - PROP_CLASS_ID); - } catch(Exception e) { + curDefaultClassId = pStore.getString(defaultRoot + "." + + PROP_CLASS_ID); + } catch (Exception e) { CMS.debug("WARNING, can't get default plugin id!"); } 
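Review bot: `new StringTokenizer(setlist, ",")` throws NullPointerException when `policySetStore.getString("list", "")` fails, because the empty `catch (Exception e) { }` leaves `setlist` at its initial `null`. The `ids` lookup earlier in the same hunk guards this case with an explicit `ids == null` check, and the `setlist` path needs an equivalent guard before the tokenizer. Since this loop is the duplicate-policy check, failing closed seems the safer choice: `if (setlist == null) throw new EProfileException("Cannot read policyset.list");`. `createProfilePolicy` starts and ends outside this hunk.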
@@ -879,21 +876,20 @@ public abstract class BasicProfile implements IProfile { //Disallow duplicate defaults with the following exceptions: // noDefaultImpl, genericExtDefaultImpl - if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && - !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) { + if ((curDefaultClassId.equals(defaultClassId) && + !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); } } else { - if( matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); + if (matches > 1) { + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); } } } @@ -919,8 +915,8 @@ public abstract class BasicProfile implements IProfile { Class.forName(defaultClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: default policy " + - defaultClass + " " + e.toString()); + CMS.debug("BasicProfile: default policy " + + defaultClass + " " + e.toString()); } if (def == null) { CMS.debug("BasicProfile: failed to create " + defaultClass); 
@@ -931,7 +927,7 @@ public abstract class BasicProfile implements IProfile { def.init(this, defStore); } - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", + IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", constraintClassId); String constraintClass = conInfo.getClassName(); IPolicyConstraint constraint = null; @@ -941,8 +937,8 @@ public abstract class BasicProfile implements IProfile { Class.forName(constraintClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: constraint policy " + - constraintClass + " " + e.toString()); + CMS.debug("BasicProfile: constraint policy " + + constraintClass + " " + e.toString()); } ProfilePolicy policy = null; if (constraint == null) { @@ -968,21 +964,21 @@ public abstract class BasicProfile implements IProfile { } else { policyStore.putString(PROP_POLICY_LIST, list + "," + id); } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", - defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); + policyStore.putString(id + ".default.name", + defInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".default.class_id", + defaultClassId); + policyStore.putString(id + ".constraint.name", + conInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".constraint.class_id", + constraintClassId); try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); policyStore.commit(false); } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " + - e.toString()); + CMS.debug("BasicProfile: commiting config store " + + e.toString()); } } 
@@ -990,7 +986,7 @@ public abstract class BasicProfile implements IProfile { } public IProfilePolicy getProfilePolicy(String setId, String id) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); if (policies == null) return null; @@ -1038,7 +1034,7 @@ public abstract class BasicProfile implements IProfile { * Creates request. */ public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; + throws EProfileException; /** * Returns the profile description. @@ -1056,19 +1052,19 @@ public abstract class BasicProfile implements IProfile { } public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { Enumeration<String> ids = getProfileInputIds(); while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - IProfileInput input = getProfileInput(id); + IProfileInput input = getProfileInput(id); input.populate(ctx, request); } } public Vector<ProfilePolicy> getPolicies(String setId) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); + Vector<ProfilePolicy> policies = mPolicySet.get(setId); return policies; } 
@@ -1076,34 +1072,34 @@ public abstract class BasicProfile implements IProfile { /** * Passes the request to the set of default policies that * populate the profile information against the profile. - */ + */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { String setId = getPolicySetId(request); Vector<ProfilePolicy> policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid ="+ setId); + CMS.debug("BasicProfile: populate() policy setid =" + setId); for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); policy.getDefault().populate(request); } } /** - * Passes the request to the set of constraint policies + * Passes the request to the set of constraint policies * that validate the request against the profile. - */ + */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId="+ setId); + CMS.debug("BasicProfile: validate start on setId=" + setId); Vector<ProfilePolicy> policies = getPolicies(setId); for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); policy.getConstraint().validate(request); } 
@@ -1130,24 +1126,24 @@ public abstract class BasicProfile implements IProfile { for (int i = 0; i < policies.size(); i++) { ProfilePolicy policy = (ProfilePolicy) - policies.elementAt(i); + policies.elementAt(i); - v.addElement(policy.getId()); + v.addElement(policy.getId()); } return v.elements(); } public void execute(IRequest request) - throws EProfileException { + throws EProfileException { } /** * Signed Audit Log - * + * * This method is inherited by all extended "BasicProfile"s, * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1159,20 +1155,20 @@ public abstract class BasicProfile implements IProfile { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * + * * This method is inherited by all extended "BasicProfile"s, * and is called to obtain the "SubjectID" for * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1202,4 +1198,3 @@ public abstract class BasicProfile implements IProfile { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java index 681f2b4a5..cdaddef55 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -28,103 +27,101 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** * This class implements a Certificate Manager enrollment * profile for CA Certificates. - * + * * @version $Revision$, $Date$ */ -public class CACertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class CACertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** * Called after initialization. It populates default * policies, inputs, and outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", 
"noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); // extensions IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", 
"p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","true"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","true"); - defConfig5.putString("params.keyUsageKeyEncipherment","false"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "true"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "true"); + defConfig5.putString("params.keyUsageKeyEncipherment", "false"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); IProfilePolicy policy6 = - createProfilePolicy("set1", "p6", - "basicConstraintsExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p6", + "basicConstraintsExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def6 = policy6.getDefault(); IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen","-1"); - defConfig6.putString("params.basicConstraintsIsCA","true"); - 
defConfig6.putString("params.basicConstraintsPathLen","-1"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); + defConfig6.putString("params.basicConstraintsIsCA", "true"); + defConfig6.putString("params.basicConstraintsPathLen", "-1"); IPolicyConstraint con6 = policy6.getConstraint(); IConfigStore conConfig6 = con6.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 32cd51b5f..aa18acd3b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -41,27 +40,24 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; - /** * This class implements a Certificate Manager enrollment * profile. - * + * * @version $Revision$, $Date$ */ public class CAEnrollProfile extends EnrollProfile { - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; - + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; public CAEnrollProfile() { super(); } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (authority == null) return null; 
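Review bot: The defaults that `populate()` writes for the CA-certificate profile accept weak cryptography: `params.keyMinLength` is `"512"`, and `params.signingAlgsAllowed` still lists `MD5withRSA`, `MD2withRSA` and `SHA1withRSA`, with every policy p1 to p6 paired with `noConstraintImpl`. The commit only re-spaces these lines, so the values predate it, but for a profile that sets `params.basicConstraintsIsCA` to `true` I would raise the floor, e.g. `defConfig3.putString("params.keyMinLength", "2048");`, and drop the MD2, MD5 and SHA-1 entries from the allowed list. Whether a deployed profile configuration overrides these defaults is not visible here. Separately, `params.basicConstraintsPathLen` is set to `"-1"` twice in the p6 block, and one of the two lines can go.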
@@ -70,17 +66,17 @@ public class CAEnrollProfile extends EnrollProfile { public X500Name getIssuerName() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X500Name issuerName = ca.getX500Name(); return issuerName; } public void execute(IRequest request) - throws EProfileException { + throws EProfileException { long startTime = CMS.getCurrentDate().getTime(); - + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); @@ -91,14 +87,13 @@ public class CAEnrollProfile extends EnrollProfile { String auditRequesterID = auditRequesterID(request); String auditArchiveID = ILogger.UNIDENTIFIED; - String id = request.getRequestId().toString(); if (id != null) { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" + - request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute reqId=" + + request.getRequestId().toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); 
@@ -113,41 +108,39 @@ public class CAEnrollProfile extends EnrollProfile { // do not archive keys for renewal requests if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { PKIArchiveOptions options = (PKIArchiveOptions) - toPKIArchiveOptions(optionsData); + toPKIArchiveOptions(optionsData); if (options != null) { CMS.debug("CAEnrollProfile: execute found " + - "PKIArchiveOptions"); + "PKIArchiveOptions"); try { IConnector kraConnector = caService.getKRAConnector(); if (kraConnector == null) { CMS.debug("CAEnrollProfile: KRA connector " + - "not configured"); + "not configured"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); - + } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); - - // check response if (!request.isSuccess()) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); throw new ERejectException( @@ -155,17 +148,16 @@ public class CAEnrollProfile extends EnrollProfile { } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditArchiveID); audit(auditMessage); } } catch (Exception e) { - if (e instanceof ERejectException) { throw (ERejectException) e; } 
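Review bot: In the `kraConnector == null` branch the code writes a FAILURE audit record and then simply leaves the `if`, whereas the `!request.isSuccess()` branch audits and throws `ERejectException`. If the remainder of execute() (outside this hunk) goes on to issue the certificate, a request that carried PKIArchiveOptions ends up with a certificate whose private key was never archived. Reject the request here as well, by throwing an `ERejectException` after `audit(auditMessage);` as the sibling branch does; the `catch (Exception e)` visible in the next hunk lets that type through.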
@@ -194,12 +186,12 @@ public class CAEnrollProfile extends EnrollProfile { sc.put("profileId", getId()); String setId = request.getExtDataInString("profileSetId"); if (setId != null) { - sc.put("profileSetId", setId); + sc.put("profileSetId", setId); } try { theCert = caService.issueX509Cert(info, getId() /* profileId */, - id /* requestId */); + id /* requestId */); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -211,24 +203,24 @@ public class CAEnrollProfile extends EnrollProfile { String initiative = AuditFormat.FROMAGENT + " userID: " - + (String)sc.get(SessionContext.USER_ID); - String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID); + + (String) sc.get(SessionContext.USER_ID); + String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); ILogger logger = CMS.getLogger(); - if( logger != null ) { - logger.log( ILogger.EV_AUDIT, - ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" + - theCert.getSerialNumber().toString(16) + - " time: " + (endTime - startTime) } - ); + if (logger != null) { + logger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, + new Object[] { + request.getRequestType(), + request.getRequestId(), + initiative, + authMgr, + "completed", + theCert.getSubjectDN(), + "cert issued serial number: 0x" + + theCert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) } + ); } request.setRequestStatus(RequestStatus.COMPLETE); 
@@ -236,9 +228,9 @@ public class CAEnrollProfile extends EnrollProfile { // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { - String updaterId = (String)updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); + String updaterId = (String) updaterIds.nextElement(); + IProfileUpdater updater = getProfileUpdater(updaterId); + updater.update(request, RequestStatus.COMPLETE); } // set value for predicate value - checking in getRule @@ -248,4 +240,3 @@ public class CAEnrollProfile extends EnrollProfile { request.setExtData("isEncryptionCert", "false"); } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index 8bc6f1903..44d7454e0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; - /** * This class implements a generic enrollment profile. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollProfile extends BasicProfile - implements IEnrollProfile { +public abstract class EnrollProfile extends BasicProfile + implements IEnrollProfile { private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; private PKIData mCMCData; + public EnrollProfile() { super(); } @@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile * Creates request. */ public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { + throws EProfileException { EnrollProfileContext ctx = (EnrollProfileContext) context; // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); + String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); String cert_request = ctx.get(CTX_CERT_REQUEST); String is_renewal = ctx.get(CTX_RENEWAL); Integer renewal_seq_num = 0; @@ -175,10 +174,9 @@ public abstract class EnrollProfile extends BasicProfile if (renewal_seq_num_str != null) { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } else { - renewal_seq_num =0; + renewal_seq_num = 0; } } - // populate requests with appropriate content IRequest result[] = new IRequest[num_requests]; 
@@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < num_requests; i++) { result[i] = createEnrollmentRequest(); if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num); + result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); } else { result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); } 
@@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, - 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24, + 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, - -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1}; + -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 }; // default values into x509 certinfo. This thing is // not serializable by default try { - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, - new CertificateIssuerName(issuerName)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(new BigInteger("0"))); + info.set(X509CertInfo.ISSUER, + new CertificateIssuerName(issuerName)); info.set(X509CertInfo.KEY, - new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(issuerName)); - info.set(X509CertInfo.VALIDITY, - new CertificateValidity(new Date(), new Date())); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId("MD5withRSA"))); + new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(issuerName)); + info.set(X509CertInfo.VALIDITY, + new CertificateValidity(new Date(), new Date())); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId("MD5withRSA"))); // add default extension container - info.set(X509CertInfo.EXTENSIONS, - new 
CertificateExtensions()); + info.set(X509CertInfo.EXTENSIONS, + new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); @@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile } public IRequest createEnrollmentRequest() - throws EProfileException { + throws EProfileException { IRequest req = null; try { @@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile } public abstract void execute(IRequest request) - throws EProfileException; + throws EProfileException; /** * Perform simple policy set assignment. @@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile try { CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -308,11 +306,11 @@ public abstract class EnrollProfile extends BasicProfile } /** - * This method is called after the user submits the + * This method is called after the user submits the * request from the end-entity page. */ public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { + throws EDeferException, EProfileException { // Request Submission Logic: // // if (Authentication Failed) { 
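Review bot: The template is seeded with `AlgorithmId.getAlgorithmId("MD5withRSA")`, and nothing in this hunk marks it as a value that must be replaced. If no signing-algorithm default later overwrites `X509CertInfo.ALGORITHM_ID` (that code is not visible here), the issued certificate would name an MD5-based signature algorithm. Either add a comment on that line such as `// placeholder only; the signing algorithm default must overwrite this`, or seed it with a SHA-256 based name such as `"SHA256withRSA"` if this AlgorithmId implementation supports it. The enclosing method starts before this hunk.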
@@ -325,18 +323,18 @@ public abstract class EnrollProfile extends BasicProfile // } // } - IAuthority authority = (IAuthority) - getAuthority(); + IAuthority authority = (IAuthority) + getAuthority(); IRequestQueue queue = authority.getRequestQueue(); - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } + // this profile queues request that is authenticated + // by NoAuth + try { + queue.updateRequest(request); + } catch (EBaseException e) { + // save request to disk + CMS.debug("EnrollProfile: Update request " + e.toString()); + } if (token == null) { CMS.debug("EnrollProfile: auth token is null"); @@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile } public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCMC() certreq null"); 
@@ -374,15 +372,15 @@ public abstract class EnrollProfile extends BasicProfile try { byte data[] = CMS.AtoB(creq); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(data); - + new ByteArrayInputStream(data); + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); 
@@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile if (numcontrols > 0) { context.put("numOfControls", Integer.valueOf(numcontrols)); TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i=0; i<numcontrols; i++) { - attributes[i] = (TaggedAttribute)controlSeq.elementAt(i); + for (int i = 0; i < numcontrols; i++) { + attributes[i] = (TaggedAttribute) controlSeq.elementAt(i); OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); + boolean valid = verifyIdentityProof(attributes[i], + reqSeq); if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); + SEQUENCE bpids = getRequestBpids(reqSeq); context.put("identityProof", bpids); return null; } } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { SET vals = attributes[i].getValues(); - OCTET_STRING ostr = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING ostr = + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); randomSeed = ostr.toByteArray(); } else { context.put(attributes[i].getType(), attributes[i]); 
@@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile } } } - + SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); int numOtherMsgs = otherMsgSeq.size(); if (!context.containsKey("numOfOtherMsgs")) { context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i=0; i<numOtherMsgs; i++) { - OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg"+i, omsg); + for (int i = 0; i < numOtherMsgs; i++) { + OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(), + ASN1Util.encode(otherMsgSeq.elementAt(i)))); + context.put("otherMsg" + i, omsg); } } - + int nummsgs = reqSeq.size(); if (nummsgs > 0) { msgs = new TaggedRequest[reqSeq.size()]; @@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); if (!valid || bpids.size() > 0) { context.put("POPLinkWitness", bpids); - return null; + return null; } } } @@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile } private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { + SEQUENCE bpids) { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; 
@@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } @@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile String sharedSecret = null; if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { + if (req.getType().equals(TaggedRequest.PKCS10)) { TaggedCertificationRequest tcr = req.getTcr(); if (!sharedSecretFound) { bpids.addElement(tcr.getBodyPartID()); 
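Review bot: `(ISharedToken) Class.forName(name).newInstance()` handles ClassNotFoundException, InstantiationException and IllegalAccessException, but a class that loads and instantiates without implementing ISharedToken raises ClassCastException, which none of the three handlers covers. `name` is assigned outside this hunk, presumably from configuration, so a wrong plugin class name would surface as an unchecked exception in the middle of witness verification instead of taking the `sharedSecretFound = false` path. Add `catch (ClassCastException e) { sharedSecretFound = false; }` with the same kind of debug line. The same construct appears in the `@@ -633,23 +631,23 @@` hunk, where the handlers `return false`.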
@@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile CertificationRequest creq = tcr.getCertificationRequest(); CertificationRequestInfo cinfo = creq.getInfo(); SET attrs = cinfo.getAttributes(); - for (int j=0; j<attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute)attrs.elementAt(j); + for (int j = 0; j < attrs.size(); j++) { + Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { SET witnessVal = pkcs10Attr.getValues(); if (witnessVal.size() > 0) { try { OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal.elementAt(0)))); + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(witnessVal.elementAt(0)))); bv = str.toByteArray(); return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); } catch (InvalidBERException ex) { return false; } } - } + } } - + return false; } } else if (req.getType().equals(TaggedRequest.CRMF)) { @@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { ASN1Value value = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); + ASN1Util.encode(value)); OCTET_STRING ostr = null; try { ostr = (OCTET_STRING) - (new OCTET_STRING.Template()).decode(bis); + (new OCTET_STRING.Template()).decode(bis); bv = ostr.toByteArray(); } catch (Exception e) { bpids.addElement(reqId); @@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile } boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); if (!valid) { bpids.addElement(reqId); return valid; 
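Review bot: `verifyDigest(sharedSecret.getBytes(), randomSeed, bv)` converts the shared secret with the platform default charset, so the HMAC key, and with it whether a valid POP link witness verifies, depends on the JVM's locale settings as soon as the secret contains non-ASCII characters. Name the charset explicitly, e.g. `sharedSecret.getBytes("UTF-8")` with the `UnsupportedEncodingException` handled, using the encoding the enrolling clients use, and do the same in the CRMF branch in the `@@ -550,7 +548,7 @@` hunk. `sharedSecret` also stays null if `getSharedToken` returns null, and the visible code dereferences it without a check; whether an earlier return covers that case is outside these hunks.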
@@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); key = SHA1Digest.digest(sharedSecret); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile hmacDigest.update(text); finalDigest = hmacDigest.digest(); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile return false; } - for (int j=0; j<bv.length; j++) { + for (int j = 0; j < bv.length; j++) { if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); + CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; } } 
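Review bot: The loop `if (bv[j] != finalDigest[j]) { ... return false; }` stops at the first differing byte, so its running time depends on how many leading bytes of the submitted value match the expected HMAC. Replace the loop with a constant-time comparison, `if (!MessageDigest.isEqual(bv, finalDigest)) { ... return false; }` (constant-time on JDK 6u17 and later); `MessageDigest` is already used earlier in this method. That call also rejects a length mismatch, which the loop currently leaves to a check that sits outside this hunk. The method body starts before the first of these hunks.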
@@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile else { ISharedToken tokenClass = null; try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); return false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); return false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); return false; } - + String token = tokenClass.getSharedToken(mCMCData); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug("EnrollProfile: Failed to decode the byte value."); return false; 
@@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile } public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, - IRequest req) - throws EProfileException { + IRequest req) + throws EProfileException { TaggedRequest.Type type = tagreq.getType(); - if (type.equals(TaggedRequest.PKCS10)) { + if (type.equals(TaggedRequest.PKCS10)) { try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + TaggedCertificationRequest tcr = tagreq.getTcr(); + CertificationRequest p10 = tcr.getCertificationRequest(); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - p10.encode(ostream); + p10.encode(ostream); PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); req.setExtData("bodyPartId", tcr.getBodyPartID()); fillPKCS10(locale, pkcs10, info, req); } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + - e.toString()); + CMS.debug("EnrollProfile: fillTaggedRequest " + + e.toString()); } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); + } else if (type.equals(TaggedRequest.CRMF)) { + CertReqMsg crm = tagreq.getCrm(); SessionContext context = SessionContext.getContext(); - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); // check if the LRA POP Witness Control attribute exists if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { parseLRAPopWitness(locale, crm, attr); } else { 
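Review bot: In the PKCS10 branch the `catch (Exception e)` only writes a debug line, which also swallows the `EProfileException` that `fillPKCS10` is declared to throw. A tagged request whose PKCS#10 body is rejected there would continue with `info` left as it was, although fillTaggedRequest itself declares `throws EProfileException`. Put `catch (EProfileException e) { throw e; }` before the generic handler, and convert the remaining failures into an `EProfileException` instead of dropping them. The method continues past the end of this hunk.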
@@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile } } - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { + private void parseLRAPopWitness(Locale locale, CertReqMsg crm, + TaggedAttribute attr) throws EProfileException { SET vals = attr.getValues(); boolean donePOP = false; INTEGER reqId = null; if (vals.size() > 0) { LraPopWitness lraPop = null; try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); reqId = crm.getCertReq().getCertReqId(); - for (int i=0; i<bodyIds.size(); i++) { - INTEGER num = (INTEGER)(bodyIds.elementAt(i)); + for (int i = 0; i < bodyIds.size(); i++) { + INTEGER num = (INTEGER) (bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { 
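Review bot: `reqId` is assigned only inside `if (vals.size() > 0)`, but the `if (!donePOP)` branch calls `reqId.toString()` for its debug line before `verifyPOP(locale, crm)`. An LRA POP Witness control with an empty value set therefore ends in a NullPointerException rather than in the POP check. Move `reqId = crm.getCertReq().getCertReqId();` above the `if (vals.size() > 0)` test so that it is always set.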
@@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile try { byte data[] = CMS.AtoB(creq); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(data); + new ByteArrayInputStream(data); SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new - CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new + CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); if (nummsgs <= 0) @@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile } private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = - new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4} - ); + new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 } + ); - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); + protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { + ASN1Value archVal = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); + ASN1Util.encode(archVal)); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); @@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile ByteArrayInputStream bis = new ByteArrayInputStream(options); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) + try { + archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); 
@@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile return archOpts; } - public byte[] toByteArray(PKIArchiveOptions options) { + public byte[] toByteArray(PKIArchiveOptions options) { return ASN1Util.encode(options); } public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, - IRequest req) - throws EProfileException { + IRequest req) + throws EProfileException { try { CMS.debug("Start parseCertReqMsg "); CertRequest certReq = certReqMsg.getCertReq(); @@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { + if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { PKIArchiveOptions opt = getPKIArchiveOptions(ava); //req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, - toByteArray(opt)); + req.setExtData(REQUEST_ARCHIVE_OPTIONS, + toByteArray(opt)); } } @@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile // parse validity if (certTemplate.getNotBefore() != null || - certTemplate.getNotAfter() != null) { + certTemplate.getNotAfter() != null) { CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); CMS.debug("EnrollProfile: current CA time: " + new Date()); @@ -874,7 +872,7 @@ public abstract class EnrollProfile extends BasicProfile if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); 
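Review bot: In the controls loop of the `@@ -825,12 +823,12 @@` hunk, the result of `getPKIArchiveOptions(ava)` is passed to `toByteArray(opt)` without a null check, although that helper only logs a decode failure and, as far as the `@@ -779,17 +777,17 @@` hunk shows, presumably returns null in that case. A malformed archive-options control would then fail inside `ASN1Util.encode(null)`, or be turned into whatever the outer handler (outside this hunk) makes of it, instead of a clear invalid-request error. Check first, e.g. `if (opt == null) throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));`. The loop sits inside fillCertReqMsg, whose body extends beyond this hunk.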
@@ -886,18 +884,20 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject)); try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = subject.getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = subject.getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } } @@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile for (int j = 0; j < numexts; j++) { org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; 
@@ -932,17 +932,17 @@ public abstract class EnrollProfile extends BasicProfile oidNumbers[k] = (int) numbers[k]; } ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); + new ObjectIdentifier(oidNumbers); org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); + jssext.getExtnValue(); ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); Extension ext = - new Extension(oid, isCritical, extValue); + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } @@ -965,7 +965,7 @@ public abstract class EnrollProfile extends BasicProfile } public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile:parsePKCS10() certreq null"); @@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName); + CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName); signToken = cm.getTokenByName(tokenName); } CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); @@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile } public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { X509Key key = pkcs10.getSubjectPublicKeyInfo(); try { 
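Review bot: `oidNumbers[k] = (int) numbers[k];` narrows each OID arc from long to int without a range check, so a requested extension whose OID has an arc above Integer.MAX_VALUE is silently mapped to a different OID before `new ObjectIdentifier(oidNumbers)`. The extension would then be parsed and evaluated under the wrong identifier. Reject such values before the cast, e.g. `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new IOException("extension OID arc out of range");`, or use whichever exception the surrounding handler maps to an invalid request. The loop header is above this hunk.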
@@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName())); try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); + String subjectCN = pkcs10.getSubjectName().getCommonName(); + if (subjectCN == null) + subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); } try { String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); + if (subjectUID == null) + subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); } info.set(X509CertInfo.KEY, certKey); @@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile PKCS10Attributes p10Attrs = pkcs10.getAttributes(); if (p10Attrs != null) { PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); + (p10Attrs.getAttribute(CertificateExtensions.NAME)); if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension"); + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + CMS.debug("Found PKCS10 extension"); Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); 
@@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile } } else { CMS.debug("PKCS10 extension Not Found"); - } - } + } + } CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { 
@@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile } } + // for netkey + public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + try { + //cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("screenname", sn); + // keeping "aoluid" to be backward compatible + req.setExtData("aoluid", sn); + req.setExtData("uid", sn); + CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString()); + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); throw new EProfileException( CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } } + } - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) - throws EProfileException { + // for house key + public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - try { - //cfu - is the algorithm going to be 
replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); + try { + //cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("tokencuid", tcuid); - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid); + CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString()); + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); throw new EProfileException( CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } } - + } public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { byte data[] = CMS.AtoB(certreq); DerInputStream derIn = new DerInputStream(data); @@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile } public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req - ) - throws EProfileException { + ) + throws EProfileException { try { /* get SPKAC Algorithm & Signature */ 
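Review bot: The debug line in fillNSHKEY() identifies itself as `fillNSNKEY()`, and both methods spell the class `EnrollPrifile`, so a log search for either method during an enrollment investigation will miss or misattribute these entries. I would write `CMS.debug("EnrollProfile: fillNSHKEY(): tokencuid=" + tcuid);` and correct the prefix in fillNSNKEY() the same way. `sn` and `tcuid` are concatenated into the log line as received; if they originate from the request, strip CR/LF before logging so that a caller cannot forge additional log records.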
@@ -1229,27 +1230,26 @@ public abstract class EnrollProfile extends BasicProfile /** * Populate input * <P> - * - * (either all "agent" profile cert requests NOT made through a connector, - * or all "EE" profile cert requests NOT made through a connector) + * + * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a - * profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process) * </ul> + * * @param ctx profile context * @param request the certificate request * @exception EProfileException an error related to this profile has - * occurred + * occurred */ public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { super.populateInput(ctx, request); } public void populate(IRequest request) - throws EProfileException { + throws EProfileException { super.populate(request); } @@ -1259,7 +1259,7 @@ public abstract class EnrollProfile extends BasicProfile * that validate the request against the profile. */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); @@ -1272,7 +1272,7 @@ public abstract class EnrollProfile extends BasicProfile try { CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it 
@@ -1348,12 +1348,12 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Requester ID - * + * * This method is inherited by all extended "EnrollProfile"s, * and is called to obtain the "RequesterID" for * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1379,12 +1379,12 @@ public abstract class EnrollProfile extends BasicProfile /** * Signed Audit Log Profile ID - * + * * This method is inherited by all extended "EnrollProfile"s, * and is called to obtain the "ProfileID" for * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile } public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { + throws EProfileException { CMS.debug("EnrollProfile ::in verifyPOP"); String auditMessage = null; 
@@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new EProfileException(CMS.getUserMessage(locale, "CMS_POP_VERIFICATION_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java index 199aa7943..3610520fd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java 
@@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IProfileContext; - /** * This class implements an enrollment profile context * that carries information for request creation. - * + * * @version $Revision$, $Date$ */ -public class EnrollProfileContext extends ProfileContext - implements IProfileContext { +public class EnrollProfileContext extends ProfileContext + implements IProfileContext { } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java index 147d9c820..7a275b1e6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java @@ -17,15 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Hashtable; import com.netscape.certsrv.profile.IProfileContext; - /** * This class implements the profile context. - * + * * @version $Revision$, $Date$ */ public class ProfileContext implements IProfileContext { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java index a0f0ed250..a8a90aef9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java @@ -17,17 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfilePolicy; - /** * This class implements a profile policy that * contains a default policy and a constraint * policy. - * + * * @version $Revision$, $Date$ */ public class ProfilePolicy implements IProfilePolicy { 
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java index f82e73138..ed028ceeb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -35,11 +34,10 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; - /** - * This class implements a Registration Manager + * This class implements a Registration Manager * enrollment profile. - * + * * @version $Revision$, $Date$ */ public class RAEnrollProfile extends EnrollProfile { @@ -49,8 +47,8 @@ public class RAEnrollProfile extends EnrollProfile { } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (authority == null) return null; @@ -59,15 +57,14 @@ public class RAEnrollProfile extends EnrollProfile { public X500Name getIssuerName() { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); X500Name issuerName = ra.getX500Name(); return issuerName; } public void execute(IRequest request) - throws EProfileException { - + throws EProfileException { if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); 
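Review bot: getIssuerName() calls `ra.getX500Name()` on the result of `CMS.getSubsystem(CMS.SUBSYSTEM_RA)` without a null check, although getAuthority() just above treats a null subsystem as possible; execute() in the following hunk likewise calls `ra.getRAService()` on the value getAuthority() returns. Guard both, for example `if (ra == null) throw new EProfileException("No RA subsystem");` in execute() and a null return in getIssuerName(). The disabled-profile message in execute() is also tagged `CAEnrollProfile`; it should read `CMS.debug("RAEnrollProfile: Profile Not Enabled");`. execute() continues outside this hunk.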
@@ -75,14 +72,13 @@ public class RAEnrollProfile extends EnrollProfile { } IRegistrationAuthority ra = - (IRegistrationAuthority) getAuthority(); + (IRegistrationAuthority) getAuthority(); IRAService raService = (IRAService) ra.getRAService(); if (raService == null) { throw new EProfileException("No RA Service"); } - IRequestQueue queue = ra.getRequestQueue(); // send request to CA @@ -94,13 +90,13 @@ public class RAEnrollProfile extends EnrollProfile { } else { caConnector.send(request); // check response - if (!request.isSuccess()) { + if (!request.isSuccess()) { CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); request.setRequestStatus(RequestStatus.SVC_PENDING); try { - queue.updateRequest(request); + queue.updateRequest(request); } catch (EBaseException e) { CMS.debug("RAEnrollProfile: Update request " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index 4a18ff14d..f71d8b23a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -28,91 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** * This class implements a Certificate Manager enrollment * profile for Server Certificates. - * + * * @version $Revision$, $Date$ */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class ServerCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** * Called after initialization. It populates default * policies, inputs, and outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); IProfileInput input1 = - createProfileInput("i1", "certReqInputImpl", inputParams1); + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); IProfileInput input2 = - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + createProfileOutput("o1", "certOutputImpl", outputParams1); IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = 
def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - 
defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","true"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); - IPolicyConstraint con5 = policy5.getConstraint(); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); + IPolicyDefault def5 = policy5.getDefault(); + IConfigStore defConfig5 = def5.getConfigStore(); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "true"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); + IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 7d4254bff..34cd4bf54 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java 
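Review bot: The defaults populated for policies p3 and p4 accept 512-bit RSA keys (`params.keyMinLength` is `"512"`) and list `MD5withRSA` and `MD2withRSA` in `params.signingAlgsAllowed`, and every policy in this hunk is paired with `noConstraintImpl`, so nothing visible here enforces a stronger floor. A server-certificate profile should not issue on factorable key sizes or collision-broken digests; I would use `defConfig3.putString("params.keyMinLength", "2048");` and drop the MD5 and MD2 entries from the allowed list (the SHA1 entries deserve the same scrutiny). The same values appear in the UserCertCAEnrollProfile.populate() hunk further down. Which component actually reads these keys is not visible in the hunk, so confirm where they are enforced.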
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -28,94 +27,92 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; - /** * This class implements a Certificate Manager enrollment * profile for User Certificates. - * + * * @version $Revision$, $Date$ */ -public class UserCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { +public class UserCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** * Called after initialization. It populates default * policies, inputs, and outputs. */ - public void populate() throws EBaseException - { + public void populate() throws EBaseException { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); IProfileInput input1 = - createProfileInput("i1", "keyGenInputImpl", inputParams1); + createProfileInput("i1", "keyGenInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); IProfileInput input2 = - createProfileInput("i2", "subjectNameInputImpl", inputParams2); + createProfileInput("i2", "subjectNameInputImpl", inputParams2); NameValuePairs inputParams3 = new NameValuePairs(); IProfileInput input3 = - createProfileInput("i3", "submitterInfoInputImpl", inputParams2); + createProfileInput("i3", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); IProfileOutput output1 = - createProfileOutput("o1", "certOutputImpl", outputParams1); + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies IProfilePolicy policy1 = - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - IPolicyDefault def1 = policy1.getDefault(); - IConfigStore defConfig1 = def1.getConfigStore(); - IPolicyConstraint con1 = policy1.getConstraint(); + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); + IPolicyDefault def1 = policy1.getDefault(); + IConfigStore defConfig1 = def1.getConfigStore(); 
+ IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range","180"); - defConfig2.putString("params.startTime","0"); - IPolicyConstraint con2 = policy2.getConstraint(); + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); + IPolicyDefault def2 = policy2.getDefault(); + IConfigStore defConfig2 = def2.getConfigStore(); + defConfig2.putString("params.range", "180"); + defConfig2.putString("params.startTime", "0"); + IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType","RSA"); - defConfig3.putString("params.keyMinLength","512"); - defConfig3.putString("params.keyMaxLength","4096"); - IPolicyConstraint con3 = policy3.getConstraint(); + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); + IPolicyDefault def3 = policy3.getDefault(); + IConfigStore defConfig3 = def3.getConfigStore(); + defConfig3.putString("params.keyType", "RSA"); + defConfig3.putString("params.keyMinLength", "512"); + defConfig3.putString("params.keyMaxLength", "4096"); + IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg","-"); + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", 
"noConstraintImpl"); + IPolicyDefault def4 = policy4.getDefault(); + IConfigStore defConfig4 = def4.getConfigStore(); + defConfig4.putString("params.signingAlg", "-"); defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - IPolicyConstraint con4 = policy4.getConstraint(); + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical","true"); - defConfig5.putString("params.keyUsageCrlSign","false"); - defConfig5.putString("params.keyUsageDataEncipherment","false"); - defConfig5.putString("params.keyUsageDecipherOnly","false"); - defConfig5.putString("params.keyUsageDigitalSignature","true"); - defConfig5.putString("params.keyUsageEncipherOnly","false"); - defConfig5.putString("params.keyUsageKeyAgreement","false"); - defConfig5.putString("params.keyUsageKeyCertSign","false"); - defConfig5.putString("params.keyUsageKeyEncipherment","true"); - defConfig5.putString("params.keyUsageNonRepudiation","true"); + defConfig5.putString("params.keyUsageCritical", "true"); + defConfig5.putString("params.keyUsageCrlSign", "false"); + defConfig5.putString("params.keyUsageDataEncipherment", "false"); + defConfig5.putString("params.keyUsageDecipherOnly", "false"); + defConfig5.putString("params.keyUsageDigitalSignature", "true"); + defConfig5.putString("params.keyUsageEncipherOnly", "false"); + defConfig5.putString("params.keyUsageKeyAgreement", "false"); + 
defConfig5.putString("params.keyUsageKeyCertSign", "false"); + defConfig5.putString("params.keyUsageKeyEncipherment", "true"); + defConfig5.putString("params.keyUsageNonRepudiation", "true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java index 4e4c2f603..303522781 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; 
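Review bot: `input3` is created with `inputParams2`, so the `inputParams3` object declared on the line above it is never used and inputs i2 and i3 receive the same `NameValuePairs` instance. If createProfileInput keeps a reference to that object, a parameter later set for one input would silently apply to the other. The call should read `createProfileInput("i3", "submitterInfoInputImpl", inputParams3);`.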
@@ -40,24 +39,23 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** * This class implements the basic constraints extension constraint. * It checks if the basic constraint in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtConstraint extends EnrollConstraint { - public static final String CONFIG_CRITICAL = - "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = - "basicConstraintsIsCA"; - public static final String CONFIG_MIN_PATH_LEN = - "basicConstraintsMinPathLen"; - public static final String CONFIG_MAX_PATH_LEN = - "basicConstraintsMaxPathLen"; + public static final String CONFIG_CRITICAL = + "basicConstraintsCritical"; + public static final String CONFIG_IS_CA = + "basicConstraintsIsCA"; + public static final String CONFIG_MIN_PATH_LEN = + "basicConstraintsMinPathLen"; + public static final String CONFIG_MAX_PATH_LEN = + "basicConstraintsMaxPathLen"; public BasicConstraintsExtConstraint() { super(); 
@@ -71,25 +69,25 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { * Initializes this constraint plugin. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_MIN_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN")); } else if (name.equals(CONFIG_MAX_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "100", CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN")); } 
@@ -101,20 +99,20 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateExtensions exts = null; try { BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), + info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } // check criticality @@ -125,10 +123,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (critical != ext.isCritical()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } value = getConfig(CONFIG_IS_CA); if (!isOptional(value)) { boolean isCA = getBoolean(value); @@ -136,10 +134,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (isCA != extIsCA.booleanValue()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); } - } + } value = getConfig(CONFIG_MIN_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); 
@@ -148,8 +146,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (pathLen > extPathLen.intValue()) { CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); } } value = getConfig(CONFIG_MAX_PATH_LEN); @@ -160,17 +158,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { if (pathLen < extPathLen.intValue()) { CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); } } } catch (IOException e) { CMS.debug("BasicConstraintsExt: validate " + e.toString()); throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } } @@ -182,8 +180,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { getConfig(CONFIG_MAX_PATH_LEN) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params); } @@ -198,8 +196,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { } public void setConfig(String name, String value) - throws EPropertyException { - + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null"); 
@@ -208,8 +205,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value); - if(name.equals(CONFIG_MAX_PATH_LEN)) - { + if (name.equals(CONFIG_MAX_PATH_LEN)) { String minPathLen = getConfig(CONFIG_MIN_PATH_LEN); @@ -217,13 +213,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { int maxLen = getInt(value); - if(minLen >= maxLen) { + if (minLen >= maxLen) { CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!"); throw new EPropertyException("bad value"); } - } mConfig.getSubStore("params").putString(name, value); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index 9759af73d..c0a9758da 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java @@ -17,13 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** * This class represents an abstract class for CA enrollment * constraint. @@ -42,7 +40,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { */ public X509CertImpl getCACert() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); return caCert; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index 4d89e7391..e118fa215 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java 
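Review bot: The ordering check `if (minLen >= maxLen)` in the second hunk runs only inside `if (name.equals(CONFIG_MAX_PATH_LEN))`, so from the visible lines a later setConfig call for the minimum alone is stored without being compared against the existing maximum. A mirrored branch for `CONFIG_MIN_PATH_LEN` would close that gap. The rejection `new EPropertyException("bad value")` also names neither property, whereas `CMS.getUserMessage("CMS_INVALID_PROPERTY", name)`, used by KeyConstraint in this diff, would tell the administrator which one failed. The lines that derive `minLen` sit between the two hunks, so this is inferred from what is shown.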
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** * This class implements the validity constraint. * It checks if the validity in the certificate * template is within the CA's validity. - * + * * @version $Revision$, $Date$ */ public class CAValidityConstraint extends CAEnrollConstraint { @@ -56,7 +54,7 @@ public class CAValidityConstraint extends CAEnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); X509CertImpl caCert = getCACert(); @@ -69,7 +67,7 @@ public class CAValidityConstraint extends CAEnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("CAValidityConstraint: validate start"); CertificateValidity v = null; 
@@ -99,15 +97,15 @@ public class CAValidityConstraint extends CAEnrollConstraint { } if (mDefNotBefore != null) { - CMS.debug("ValidtyConstraint: notBefore=" + notBefore + - " defNotBefore=" + mDefNotBefore); + CMS.debug("ValidtyConstraint: notBefore=" + notBefore + + " defNotBefore=" + mDefNotBefore); if (notBefore.before(mDefNotBefore)) { throw new ERejectException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); } } - CMS.debug("ValidtyConstraint: notAfter=" + notAfter + - " defNotAfter=" + mDefNotAfter); + CMS.debug("ValidtyConstraint: notAfter=" + notAfter + + " defNotAfter=" + mDefNotAfter); if (notAfter.after(mDefNotAfter)) { throw new ERejectException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); @@ -122,8 +120,8 @@ public class CAValidityConstraint extends CAEnrollConstraint { mDefNotAfter.toString() }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java index 0723a72c3..b16a7d94b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the generic enrollment constraint. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollConstraint implements IPolicyConstraint { 
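Review bot: `notAfter.after(mDefNotAfter)` is called without the null guard that `mDefNotBefore` gets a few lines above. If the CA certificate's dates were not loaded, the notAfter check ends in a NullPointerException while the notBefore check is skipped silently. For a constraint whose job is to keep issued certificates inside the CA's validity period, both cases should reject, e.g. `if (mDefNotBefore == null || mDefNotAfter == null) throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));` ahead of the comparisons. getText() in the next hunk calls `mDefNotAfter.toString()` unguarded as well. How init() populates the two fields is outside these hunks.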
@@ -81,7 +79,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -105,46 +103,46 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } public IConfigStore getConfigStore() { return mConfig; - } + } /** * Validates the request. The request is not modified * during the validation. - * + * * @param request enrollment request * @param info certificate template * @exception ERejectException request is rejected due - * to violation of constraint + * to violation of constraint */ public abstract void validate(IRequest request, X509CertInfo info) - throws ERejectException; + throws ERejectException; /** * Validates the request. The request is not modified * during the validation. - * + * * The current implementation of this method calls * into the subclass's validate(request, info) * method for validation checking. - * + * * @param request request * @exception ERejectException request is rejected due - * to violation of constraint + * to violation of constraint */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": validate start"); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); validate(request, info); diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java index 539f4890f..9c8e04784 100644 
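Review bot: When `mConfig.getSubStore("params")` is null, setConfig falls into a branch that holds only `//` and returns normally, so the caller cannot tell that the constraint value was never stored. A constraint parameter dropped this way presumably leaves the profile enforcing whatever was there before. Throwing the already declared exception, `throw new EPropertyException(CMS.getUserMessage("CMS_INVALID_PROPERTY", name));`, would make the failure visible. ExtensionConstraint.setConfig further down logs the same condition with `CMS.debug` but likewise returns without reporting it. The else branch continues outside this hunk.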
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -40,19 +39,18 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** * This class implements the extended key usage extension constraint. * It checks if the extended key usage extension in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; public static final String CONFIG_OIDS = - "exKeyUsageOIDs"; + "exKeyUsageOIDs"; public ExtendedKeyUsageExtConstraint() { super(); @@ -61,20 +59,20 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } + } return null; } 
@@ -83,16 +81,16 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - ExtendedKeyUsageExtension.OID)); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + ExtendedKeyUsageExtension.OID)); } // check criticality @@ -104,10 +102,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { if (critical != ext.isCritical()) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } // Build local cache of configured OIDs Vector mCache = new Vector(); @@ -122,15 +120,15 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { // check OIDs Enumeration e = ext.getOIDs(); - while (e.hasMoreElements()) { + while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); if (!mCache.contains(oid.toString())) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OID_NOT_MATCHED", - oid.toString())); + getLocale(request), + "CMS_PROFILE_OID_NOT_MATCHED", + oid.toString())); } } } @@ -141,7 +139,7 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { getConfig(CONFIG_OIDS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", params); } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java index cda51a07c..1562fddb8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.Extension; @@ -37,12 +36,11 @@ import com.netscape.cms.profile.def.EnrollExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** * This class implements the general extension constraint. * It checks if the extension in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class ExtensionConstraint extends EnrollConstraint { 
@@ -57,33 +55,32 @@ public class ExtensionConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("ExtensionConstraint: mConfig.getSubStore is null"); } else { CMS.debug("ExtensionConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_OID)) - { - try { - CMS.checkOID("", value); - } catch (Exception e) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); - } + " value=" + value); + + if (name.equals(CONFIG_OID)) { + try { + CMS.checkOID("", value); + } catch (Exception e) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); + } } mConfig.getSubStore("params").putString(name, value); } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", @@ -101,16 +98,16 @@ public class ExtensionConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { - Extension ext = getExtension(getConfig(CONFIG_OID), info); + Extension ext = getExtension(getConfig(CONFIG_OID), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - getConfig(CONFIG_OID))); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + getConfig(CONFIG_OID))); } // check criticality 
@@ -119,12 +116,12 @@ public class ExtensionConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { + if (critical != ext.isCritical()) { throw new ERejectException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } } public String getText(Locale locale) { @@ -133,7 +130,7 @@ public class ExtensionConstraint extends EnrollConstraint { getConfig(CONFIG_OID) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index 56ec0adf1..eb66783ec 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.security.interfaces.DSAParams; import java.util.HashMap; @@ -44,11 +43,10 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserKeyDefault; - /** * This constraint is to check the key type and * key length. - * + * * @version $Revision$, $Date$ */ @SuppressWarnings("serial") 
@@ -57,72 +55,299 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2", - "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283", - "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571", - "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1", - "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1", - "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3", - "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2", - "sect131r1","sect131r2" + private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", + "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", + "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", + "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", + "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1", + "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", + "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", 
"secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2", + "sect131r1", "sect131r2" }; - private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>(); - static - { - ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}}); - ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}}); - ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}}); - ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}}); - ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}}); - ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}}); - ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}}); - ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}}); - ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}}); - ecOIDs.put( "1.3.132.0.27", new Vector() {{add("sect233r1");add("nistb233");}}); - ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}}); - ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}}); - ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}}); - ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}}); - ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}}); - ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}}); - ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}}); - ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}}); - ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}}); - ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}}); - ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}}); - ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}}); 
- ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}}); - ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}}); - ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}}); - ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}}); - ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}}); - ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() {{add("c2tnb191v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}}); - ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}}); - ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}}); - ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}}); - ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}}); - ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}}); - ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}}); - ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}}); - ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}}); - ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}}); - ecOIDs.put( 
"1.3.132.0.5", new Vector() {{add("sect113r2");}}); - ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}}); - ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}}); + private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>(); + static { + ecOIDs.put("1.2.840.10045.3.1.7", new Vector() { + { + add("nistp256"); + add("secp256r1"); + } + }); + ecOIDs.put("1.3.132.0.34", new Vector() { + { + add("nistp384"); + add("secp384r1"); + } + }); + ecOIDs.put("1.3.132.0.35", new Vector() { + { + add("nistp521"); + add("secp521r1"); + } + }); + ecOIDs.put("1.3.132.0.1", new Vector() { + { + add("sect163k1"); + add("nistk163"); + } + }); + ecOIDs.put("1.3.132.0.2", new Vector() { + { + add("sect163r1"); + } + }); + ecOIDs.put("1.3.132.0.15", new Vector() { + { + add("sect163r2"); + add("nistb163"); + } + }); + ecOIDs.put("1.3.132.0.24", new Vector() { + { + add("sect193r1"); + } + }); + ecOIDs.put("1.3.132.0.25", new Vector() { + { + add("sect193r2"); + } + }); + ecOIDs.put("1.3.132.0.26", new Vector() { + { + add("sect233k1"); + add("nistk233"); + } + }); + ecOIDs.put("1.3.132.0.27", new Vector() { + { + add("sect233r1"); + add("nistb233"); + } + }); + ecOIDs.put("1.3.132.0.3", new Vector() { + { + add("sect239k1"); + } + }); + ecOIDs.put("1.3.132.0.16", new Vector() { + { + add("sect283k1"); + add("nistk283"); + } + }); + ecOIDs.put("1.3.132.0.17", new Vector() { + { + add("sect283r1"); + add("nistb283"); + } + }); + ecOIDs.put("1.3.132.0.36", new Vector() { + { + add("sect409k1"); + add("nistk409"); + } + }); + ecOIDs.put("1.3.132.0.37", new Vector() { + { + add("sect409r1"); + add("nistb409"); + } + }); + ecOIDs.put("1.3.132.0.38", new Vector() { + { + add("sect571k1"); + add("nistk571"); + } + }); + ecOIDs.put("1.3.132.0.39", new Vector() { + { + add("sect571r1"); + add("nistb571"); + } + }); + ecOIDs.put("1.3.132.0.9", new Vector() { + { + add("secp160k1"); + } + }); + ecOIDs.put("1.3.132.0.8", new Vector() { + { + 
add("secp160r1"); + } + }); + ecOIDs.put("1.3.132.0.30", new Vector() { + { + add("secp160r2"); + } + }); + ecOIDs.put("1.3.132.0.31", new Vector() { + { + add("secp192k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.1", new Vector() { + { + add("secp192r1"); + add("nistp192"); + add("prime192v1"); + } + }); + ecOIDs.put("1.3.132.0.32", new Vector() { + { + add("secp224k1"); + } + }); + ecOIDs.put("1.3.132.0.33", new Vector() { + { + add("secp224r1"); + add("nistp224"); + } + }); + ecOIDs.put("1.3.132.0.10", new Vector() { + { + add("secp256k1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.2", new Vector() { + { + add("prime192v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.3", new Vector() { + { + add("prime192v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.4", new Vector() { + { + add("prime239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.5", new Vector() { + { + add("prime239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.1.6", new Vector() { + { + add("prime239v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.1", new Vector() { + { + add("c2pnb163v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.2", new Vector() { + { + add("c2pnb163v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.3", new Vector() { + { + add("c2pnb163v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.4", new Vector() { + { + add("c2pnb176v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.5", new Vector() { + { + add("c2tnb191v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.6", new Vector() { + { + add("c2tnb191v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.7", new Vector() { + { + add("c2tnb191v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.10", new Vector() { + { + add("c2pnb208w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.11", new Vector() { + { + add("c2tnb239v1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.12", new Vector() { + { + add("c2tnb239v2"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.13", new Vector() { + { + add("c2tnb239v3"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.16", new Vector() { + { + 
add("c2pnb272w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.17", new Vector() { + { + add("c2pnb304w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.19", new Vector() { + { + add("c2pnb368w1"); + } + }); + ecOIDs.put("1.2.840.10045.3.0.20", new Vector() { + { + add("c2tnb431r1"); + } + }); + ecOIDs.put("1.3.132.0.6", new Vector() { + { + add("secp112r1"); + } + }); + ecOIDs.put("1.3.132.0.7", new Vector() { + { + add("secp112r2"); + } + }); + ecOIDs.put("1.3.132.0.28", new Vector() { + { + add("secp128r1"); + } + }); + ecOIDs.put("1.3.132.0.29", new Vector() { + { + add("secp128r2"); + } + }); + ecOIDs.put("1.3.132.0.4", new Vector() { + { + add("sect113r1"); + } + }); + ecOIDs.put("1.3.132.0.5", new Vector() { + { + add("sect113r2"); + } + }); + ecOIDs.put("1.3.132.0.22", new Vector() { + { + add("sect131r1"); + } + }); + ecOIDs.put("1.3.132.0.23", new Vector() { + { + add("sect131r2"); + } + }); } private static String[] cfgECCurves = null; @@ -136,7 +361,7 @@ public class KeyConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); String ecNames = ""; 
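Review bot: `ecCurves` accepts the name `"c2tnb359w1"`, but no `ecOIDs.put(...)` in this block maps an OID to it (the entries go from `1.2.840.10045.3.0.17` straight to `1.2.840.10045.3.0.19`). A profile can therefore be configured with a curve that the OID lookup in validate() will never find, so the missing entry and the spelling of the name should be confirmed against the curve registry. Separately, every entry is an anonymous `Vector` subclass built with double-brace initialization on a raw type. `ecOIDs.put("1.2.840.10045.3.1.7", new Vector<String>(Arrays.asList("nistp256", "secp256r1")));` says the same in one line without creating a class per curve; it needs a `java.util.Arrays` import and `HashMap<String, Vector<String>>` as the declared type.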
@@ -148,17 +373,17 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("KeyConstraint.init ecNames: " + ecNames); if (ecNames != null && ecNames.length() != 0) { cfgECCurves = ecNames.split(","); - } + } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else if (name.equals(CONFIG_KEY_PARAMETERS)) { - return new Descriptor(IDescriptor.STRING,null,"", - CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS")); + } else if (name.equals(CONFIG_KEY_PARAMETERS)) { + return new Descriptor(IDescriptor.STRING, null, "", + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS")); } return null; @@ -169,11 +394,11 @@ public class KeyConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { try { CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); + info.get(X509CertInfo.KEY); + X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); String value = getConfig(CONFIG_KEY_TYPE); 
@@ -183,27 +408,27 @@ public class KeyConstraint extends EnrollConstraint { if (!alg.equals(value)) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", + value)); } } int keySize = 0; String ecCurve = ""; - if (alg.equals("RSA")) { + if (alg.equals("RSA")) { keySize = getRSAKeyLen(key); - } else if (alg.equals("DSA")) { + } else if (alg.equals("DSA")) { keySize = getDSAKeyLen(key); - } else if (alg.equals("EC")) { + } else if (alg.equals("EC")) { //EC key case. } else { - throw new ERejectException( + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INVALID_KEY_TYPE", - alg)); + getLocale(request), + "CMS_PROFILE_INVALID_KEY_TYPE", + alg)); } value = getConfig(CONFIG_KEY_PARAMETERS); @@ -214,9 +439,9 @@ public class KeyConstraint extends EnrollConstraint { if (!alg.equals(keyType) && !isOptional(keyType)) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } AlgorithmId algid = key.getAlgorithmId(); @@ -226,14 +451,14 @@ public class KeyConstraint extends EnrollConstraint { //Get raw string representation of alg parameters, will give //us the curve OID. - String params = null; + String params = null; if (algid != null) { params = algid.getParametersString(); } if (params.startsWith("OID.")) { params = params.substring(4); - } + } CMS.debug("EC key OID: " + params); Vector vect = ecOIDs.get(params); 
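Review bot: In the third hunk on this line, `params.startsWith("OID.")` runs even when `params` is still null, because the `if (algid != null)` guard protects only the assignment and `getParametersString()` may itself return null (not shown). The following `ecOIDs.get(params)` is keyed by a value taken from the submitted key, and the next hunk calls `vect.contains(ecParam)`; whether a null check sits in the lines between the hunks is not visible. An unknown or missing curve should end in a rejection rather than a NullPointerException, e.g. `if (params == null) { throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); }` before the `startsWith` call, with the same treatment for a null `vect`.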
@@ -245,8 +470,8 @@ public class KeyConstraint extends EnrollConstraint { if (!isOptional(keyType)) { //Check the curve parameters only if explicit ECC or not optional - for (int i = 0 ; i < keyParams.length ; i ++) { - String ecParam = keyParams[i]; + for (int i = 0; i < keyParams.length; i++) { + String ecParam = keyParams[i]; CMS.debug("keyParams[i]: " + i + " param: " + ecParam); if (vect.contains(ecParam)) { curveFound = true; @@ -260,21 +485,21 @@ public class KeyConstraint extends EnrollConstraint { } if (!curveFound) { - CMS.debug("KeyConstraint.validate: EC key constrainst failed."); + CMS.debug("KeyConstraint.validate: EC key constrainst failed."); throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } - } else { - if ( !arrayContainsString(keyParams,Integer.toString(keySize))) { - throw new ERejectException( + } else { + if (!arrayContainsString(keyParams, Integer.toString(keySize))) { + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } CMS.debug("KeyConstraint.validate: RSA key contraints passed."); } @@ -320,7 +545,7 @@ public class KeyConstraint extends EnrollConstraint { getConfig(CONFIG_KEY_PARAMETERS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params); } 
@@ -333,27 +558,27 @@ public class KeyConstraint extends EnrollConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value); //establish keyType, we don't know which order these params will arrive if (name.equals(CONFIG_KEY_TYPE)) { keyType = value; - if(keyParams.equals("")) - return; + if (keyParams.equals("")) + return; } - + //establish keyParams if (name.equals(CONFIG_KEY_PARAMETERS)) { CMS.debug("establish keyParams: " + value); keyParams = value; - if(keyType.equals("")) + if (keyType.equals("")) return; } // All the params we need for validation have been collected, // we don't know which order they will show up - if (keyType.length() > 0 && keyParams.length() > 0) { + if (keyType.length() > 0 && keyParams.length() > 0) { String[] params = keyParams.split(","); boolean isECCurve = false; int keySize = 0; 
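Review bot: setConfig has no comment explaining that it buffers `keyType` and `keyParams` in fields and returns without storing anything until both have arrived, so a caller that sets only one of them gets a silent no-op. I would add a method comment such as `// Buffers keyType/keyParams across calls; nothing is written to the profile until both are set and validated.` If those fields are shared between threads or instances (their declarations are outside the hunk), interleaved calls could pair one caller's key type with another caller's parameters. The validation loop continues in the next hunk.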
@@ -362,47 +587,47 @@ public class KeyConstraint extends EnrollConstraint { if (keyType.equals("EC")) { if (cfgECCurves == null) { //Use the static array as a backup if the config values are not present. - isECCurve = arrayContainsString(ecCurves,params[i]); + isECCurve = arrayContainsString(ecCurves, params[i]); } else { - isECCurve = arrayContainsString(cfgECCurves,params[i]); + isECCurve = arrayContainsString(cfgECCurves, params[i]); } if (isECCurve == false) { //Not a valid EC curve throw exception. keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } - } else { + } else { try { keySize = Integer.parseInt(params[i]); } catch (Exception e) { keySize = 0; } - if (keySize <= 0) { + if (keySize <= 0) { keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } } - } - //Actually set the configuration in the profile - super.setConfig(CONFIG_KEY_TYPE, keyType); - super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); + } + //Actually set the configuration in the profile + super.setConfig(CONFIG_KEY_TYPE, keyType); + super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); - //Reset the vars for next round. - keyType = ""; - keyParams = ""; + //Reset the vars for next round. + keyType = ""; + keyParams = ""; } private boolean arrayContainsString(String[] array, String value) { if (array == null || value == null) { - return false; - } + return false; + } - for (int i = 0 ; i < array.length; i++) { + for (int i = 0; i < array.length; i++) { if (array[i].equals(value)) { return true; } @@ -411,4 +636,3 @@ public class KeyConstraint extends EnrollConstraint { return false; } } - diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java index 4a483b43d..927c64ec2 100644 
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.x509.KeyUsageExtension; @@ -37,25 +36,24 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** * This class implements the key usage extension constraint. * It checks if the key usage constraint in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class KeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "keyUsageCritical"; public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; + "keyUsageDigitalSignature"; public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; + "keyUsageNonRepudiation"; public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; + "keyUsageKeyEncipherment"; public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; + "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; @@ -77,12 +75,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", 
@@ -138,16 +136,16 @@ public class KeyUsageExtConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + throws ERejectException { + KeyUsageExtension ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.KeyUsage_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.KeyUsage_Id.toString())); } boolean[] bits = ext.getBits(); @@ -156,10 +154,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_DIGITAL_SIGNATURE); 
@@ -167,99 +165,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != isSet(bits, 0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_NON_REPUDIATION); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DATA_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_AGREEMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", + value)); + } } 
value = getConfig(CONFIG_KEY_CERTSIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_CRL_SIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_ENCIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 7)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DECIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 8)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", + value)); + } } } @@ -277,7 +275,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint { getConfig(CONFIG_DECIPHER_ONLY) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params); } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java index fe20b766c..843360542 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import netscape.security.extensions.NSCertTypeExtension; @@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; - /** * This class implements the Netscape certificate type extension constraint. * It checks if the Netscape certificate type extension in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class NSCertTypeExtConstraint extends EnrollConstraint { @@ -68,11 +66,11 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", @@ -104,8 +102,8 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", - CMS.getUserMessage(locale, - "CMS_PROFILE_OBJECT_SIGNING_CA")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OBJECT_SIGNING_CA")); } return null; } 
@@ -115,16 +113,16 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - NSCertTypeExtension.CertType_Id.toString())); + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + NSCertTypeExtension.CertType_Id.toString())); } String value = getConfig(CONFIG_CRITICAL); @@ -132,10 +130,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_SSL_CLIENT); @@ -143,10 +141,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_SERVER); 
@@ -154,10 +152,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL); @@ -165,10 +163,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING); @@ -176,10 +174,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_CA); @@ -187,10 +185,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL_CA); 
@@ -198,10 +196,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING_CA); @@ -209,10 +207,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", + value)); } } } @@ -229,7 +227,7 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { getConfig(CONFIG_OBJECT_SIGNING_CA) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java index 108c32b17..0d81c583f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; 
@@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no constraint. - * + * * @version $Revision$, $Date$ */ public class NoConstraint implements IPolicyConstraint { public static final String CONFIG_NAME = "name"; - private IConfigStore mConfig = null; + private IConfigStore mConfig = null; private Vector mNames = new Vector(); public Enumeration getConfigNames() { @@ -56,7 +54,7 @@ public class NoConstraint implements IPolicyConstraint { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getConfig(String name) { @@ -68,7 +66,7 @@ public class NoConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -81,11 +79,11 @@ public class NoConstraint implements IPolicyConstraint { * during the validation. */ public void validate(IRequest request) - throws ERejectException { + throws ERejectException { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT"); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index 91d5a46aa..6dce4e6e7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.math.BigInteger; import java.util.Date; import java.util.Locale; 
@@ -36,11 +35,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; - /** * This class supports renewal grace period, which has two * parameters: graceBefore and graceAfter - * + * * @author Christina Fu * @version $Revision$, $Date$ */ @@ -58,20 +56,20 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { - if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) || - name.equals(CONFIG_RENEW_GRACE_AFTER)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + throws EPropertyException { + if (name.equals(CONFIG_RENEW_GRACE_BEFORE) || + name.equals(CONFIG_RENEW_GRACE_AFTER)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER)); - } + "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER)); + } } super.setConfig(name, value); } 
@@ -88,75 +86,74 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void validate(IRequest req, X509CertInfo info) - throws ERejectException { - String origExpDate_s = req.getExtDataInString("origNotAfter"); - // probably not for renewal - if (origExpDate_s == null) { - return; - } else { - CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); - } - CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); - BigInteger origExpDate_BI = new BigInteger(origExpDate_s); - Date origExpDate = new Date(origExpDate_BI.longValue()); - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - int renew_grace_before = 0; - int renew_grace_after = 0; - BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); - BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s); - - // -1 means no limit - if (renew_grace_before_s == "") - renew_grace_before = -1; - else - renew_grace_before = Integer.parseInt(renew_grace_before_s); - - if (renew_grace_after_s == "") - renew_grace_after = -1; - else - renew_grace_after = Integer.parseInt(renew_grace_after_s); - - if (renew_grace_before > 0) - renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); - if (renew_grace_after > 0) - renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); - - Date current = CMS.getCurrentDate(); - long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); - - /* - * "days", if positive, has to be less than renew_grace_before - * "days", if negative, means already past expiration date, - * (abs value) has to be less than renew_grace_after - * if renew_grace_before or renew_grace_after are negative - * the one with negative value 
is ignored - */ - if (millisDiff >= 0) { - if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } else { - if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before+" days before and "+ - renew_grace_after+" days after original cert expiration date")); - } - } + throws ERejectException { + String origExpDate_s = req.getExtDataInString("origNotAfter"); + // probably not for renewal + if (origExpDate_s == null) { + return; + } else { + CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); + } + CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); + BigInteger origExpDate_BI = new BigInteger(origExpDate_s); + Date origExpDate = new Date(origExpDate_BI.longValue()); + String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + int renew_grace_before = 0; + int renew_grace_after = 0; + BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); + BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s); + + // -1 means no limit + if (renew_grace_before_s == "") + renew_grace_before = -1; + else + renew_grace_before = Integer.parseInt(renew_grace_before_s); + + if (renew_grace_after_s == "") + renew_grace_after = -1; + else + renew_grace_after = Integer.parseInt(renew_grace_after_s); + + if (renew_grace_before > 0) + renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); + if (renew_grace_after > 0) + renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 
86400)); + + Date current = CMS.getCurrentDate(); + long millisDiff = origExpDate.getTime() - current.getTime(); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); + + /* + * "days", if positive, has to be less than renew_grace_before + * "days", if negative, means already past expiration date, + * (abs value) has to be less than renew_grace_after + * if renew_grace_before or renew_grace_after are negative + * the one with negative value is ignored + */ + if (millisDiff >= 0) { + if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + " days after original cert expiration date")); + } + } else { + if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before + " days before and " + + renew_grace_after + " days after original cert expiration date")); + } + } } - public String getText(Locale locale) { String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER); - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", - renew_grace_before_s+" days before and "+ - renew_grace_after_s+" days after original cert expiration date"); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", + renew_grace_before_s + " days before and " + + renew_grace_after_s + " days after original cert expiration date"); } public boolean isApplicable(IPolicyDefault def) { 
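Review bot: In `validate`, both `new BigInteger(renew_grace_before_s)` and `new BigInteger(renew_grace_after_s)` run before the empty-value tests, and those tests use `renew_grace_before_s == ""`, which compares references rather than contents. An unset or empty grace value therefore never reaches the "-1 means no limit" branch and instead fails with an unchecked exception (NumberFormatException for an empty string) from a method that declares only ERejectException. Test for null or zero length first, parse once, and derive the BigInteger from the parsed int, as sketched below. `new BigInteger(origExpDate_s)` earlier in the same hunk parses the request's `origNotAfter` value with no handling for a malformed number; rejecting with ERejectException there would keep the failure inside the constraint.

```java
// … unchanged: origNotAfter lookup and origExpDate parsing …
String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);

// -1 means no limit; decide that before any numeric parsing
int renew_grace_before =
        (renew_grace_before_s == null || renew_grace_before_s.length() == 0)
                ? -1 : Integer.parseInt(renew_grace_before_s);
int renew_grace_after =
        (renew_grace_after_s == null || renew_grace_after_s.length() == 0)
                ? -1 : Integer.parseInt(renew_grace_after_s);
BigInteger renew_grace_before_BI = BigInteger.valueOf(renew_grace_before);
BigInteger renew_grace_after_BI = BigInteger.valueOf(renew_grace_after);
// … unchanged: conversion to milliseconds and grace-window comparison …
```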
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index f570c26e6..2c5785501 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; @@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SigningAlgDefault; import com.netscape.cms.profile.def.UserSigningAlgDefault; - /** * This class implements the signing algorithm constraint. * It checks if the signing algorithm in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class SigningAlgConstraint extends EnrollConstraint { 
@@ -69,29 +67,28 @@ public class SigningAlgConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("SigningAlgConstraint: setConfig name=" + name + - " value=" + value); - - if(name.equals(CONFIG_ALGORITHMS_ALLOWED)) - { - StringTokenizer st = new StringTokenizer(value, ","); - while (st.hasMoreTokens()) { - String v = st.nextToken(); - if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); - } - } + CMS.debug("SigningAlgConstraint: setConfig name=" + name + + " value=" + value); + + if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { + StringTokenizer st = new StringTokenizer(value, ","); + while (st.hasMoreTokens()) { + String v = st.nextToken(); + if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); + } + } } mConfig.getSubStore("params").putString(name, value); } @@ -101,8 +98,8 @@ public class SigningAlgConstraint extends EnrollConstraint { if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { return new Descriptor(IDescriptor.STRING, null, DEF_CONFIG_ALGORITHMS, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); } return null; } 
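Review bot: The allow-list check in `setConfig`, `DEF_CONFIG_ALGORITHMS.indexOf(v) == -1`, is a substring test if DEF_CONFIG_ALGORITHMS is the comma-separated String it appears to be (it is passed as the Descriptor default in the next hunk). Any fragment of a listed algorithm name is then accepted and stored, although `validate` later compares whole names. Comparing each token against the split list keeps configuration-time validation as strict as enforcement: `if (!java.util.Arrays.asList(DEF_CONFIG_ALGORITHMS.split(",")).contains(v)) {`. setConfig's closing brace falls outside the hunk.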
@@ -112,13 +109,13 @@ public class SigningAlgConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateAlgorithmId algId = null; try { algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId.get(CertificateAlgorithmId.ALGORITHM); Vector mCache = new Vector(); StringTokenizer st = new StringTokenizer( @@ -132,7 +129,7 @@ public class SigningAlgConstraint extends EnrollConstraint { if (!mCache.contains(id.toString())) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), + getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString())); } } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java index 7ce32f00e..477e99b98 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Locale; @@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; - /** * This class implements the subject name constraint. * It checks if the subject name in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class SubjectNameConstraint extends EnrollConstraint { 
@@ -56,13 +54,13 @@ public class SubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_PATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN")); } else { @@ -79,18 +77,18 @@ public class SubjectNameConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("SubjectNameConstraint: validate start"); CertificateSubjectName sn = null; try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameConstraint: validate cert subject ="+ + CMS.debug("SubjectNameConstraint: validate cert subject =" + sn.toString()); } catch (Exception e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name sn500 = null; 
@@ -98,31 +96,31 @@ public class SubjectNameConstraint extends EnrollConstraint { sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME); } catch (IOException e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } if (sn500 == null) { CMS.debug("SubjectNameConstraint: validate() - sn500 is null"); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } else { - CMS.debug("SubjectNameConstraint: validate() - sn500 "+ - CertificateSubjectName.DN_NAME + " = "+ - sn500.toString()); + CMS.debug("SubjectNameConstraint: validate() - sn500 " + + CertificateSubjectName.DN_NAME + " = " + + sn500.toString()); } if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) { - CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN)); + CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN)); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", - sn500.toString())); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", + sn500.toString())); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", getConfig(CONFIG_PATTERN)); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java index b47e2230d..1526686e9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java 
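Review bot: `sn500.toString().matches(getConfig(CONFIG_PATTERN))` near the end of `validate` relies on the configured pattern being present and well-formed. `String.matches` throws an unchecked `NullPointerException` for a null pattern and `PatternSyntaxException` for a malformed one, so a misconfigured profile would surface as a runtime exception rather than an `ERejectException`. Nothing in the visible lines validates the value. A `setConfig` override that runs `Pattern.compile(value)` and throws `EPropertyException` on failure, in the way `ValidityConstraint.setConfig` checks its integers, would catch this at configuration time. `validate` begins in the previous hunk, so an earlier guard cannot be ruled out from here.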
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.util.Enumeration; import java.util.Locale; 
@@ -47,53 +46,52 @@ import com.netscape.cms.profile.def.NoDefault; * The config param "allowSameKeyRenewal" enables the * situation where if the publickey is not unique, and if * the subject DN is the same, that is a "renewal". - * + * * Another "feature" that is quoted out of this code is the * "revokeDupKeyCert" option, which enables the revocation * of certs that bear the same publickey as the enrolling - * request. Since this can potentially be abused, it is taken + * request. Since this can potentially be abused, it is taken * out and preserved in comments to allow future refinement. - * + * * @version $Revision$, $Date$ */ public class UniqueKeyConstraint extends EnrollConstraint { - /* - public static final String CONFIG_REVOKE_DUPKEY_CERT = - "revokeDupKeyCert"; - boolean mRevokeDupKeyCert = false; - */ - public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = - "allowSameKeyRenewal"; - boolean mAllowSameKeyRenewal = false; + /* + public static final String CONFIG_REVOKE_DUPKEY_CERT = + "revokeDupKeyCert"; + boolean mRevokeDupKeyCert = false; + */ + public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = + "allowSameKeyRenewal"; + boolean mAllowSameKeyRenewal = false; public ICertificateAuthority mCA = null; - public UniqueKeyConstraint() { - super(); - /* - addConfigName(CONFIG_REVOKE_DUPKEY_CERT); - */ - addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); - } + public UniqueKeyConstraint() { + super(); + /* + addConfigName(CONFIG_REVOKE_DUPKEY_CERT); + */ + addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); + } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { super.init(profile, config); mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public IDescriptor getConfigDescriptor(Locale locale, String name) - { - /* - if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { - return new 
Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); - } - */ - if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); - } + public IDescriptor getConfigDescriptor(Locale locale, String name) { + /* + if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); + } + */ + if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); + } return null; } 
@@ -106,169 +104,170 @@ public class UniqueKeyConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - boolean rejected = false; - int size = 0; - ICertRecordList list; + throws ERejectException { + boolean rejected = false; + int size = 0; + ICertRecordList list; - /* - mRevokeDupKeyCert = - getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); - */ - mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); + /* + mRevokeDupKeyCert = + getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); + */ + mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); try { CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + info.get(X509CertInfo.KEY); X509Key key = (X509Key) - infokey.get(CertificateX509Key.KEY); + infokey.get(CertificateX509Key.KEY); - // check for key uniqueness - byte pub[] = key.getEncoded(); - String pub_s = escapeBinaryData(pub); - String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")"; - list = - (ICertRecordList) - mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); - size = list.getSize(); + // check for key uniqueness + byte pub[] = key.getEncoded(); + String pub_s = escapeBinaryData(pub); + String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")"; + list = + (ICertRecordList) + mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); + size = list.getSize(); } catch (Exception e) { - throw new ERejectException( + throw new ERejectException( CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INTERNAL_ERROR",e.toString())); - } - - /* - * It does not matter if the corresponding cert's status - * is valid or not, we don't want a key that was once - * generated before - */ - if (size > 0) { - CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); - - /* - The following code revokes the existing certs that 
have - the same public key as the one submitted for enrollment - request. However, it is not a good idea due to possible - abuse. It is therefore commented out. It is still - however still maintained for possible utilization at later - time - - // if configured to revoke duplicated key - // revoke cert - if (mRevokeDupKeyCert) { - try { - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - - // revoke the cert - BigInteger serialNum = cert.getSerialNumber(); - ICAService service = (ICAService) mCA.getCAService(); - - RevokedCertImpl crlEntry = - formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); - service.revokeCert(crlEntry); - CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); - } - } catch (Exception ex) { - CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); - } - } // revoke dupkey cert turned on - */ - - if (mAllowSameKeyRenewal == true) { - X500Name sjname_in_db = null; - X500Name sjname_in_req = null; - - try { - // get subject of request - CertificateSubjectName subName = - (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - - if (subName != null) { - - sjname_in_req = - (X500Name) subName.get(CertificateSubjectName.DN_NAME); - CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString()); - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - String certDN = - cert.getSubjectDN().toString(); - CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN); - - sjname_in_db = new X500Name(certDN); - - if (sjname_in_db.equals(sjname_in_req) == false) { - rejected = true; - break; - } else { - rejected = false; - } - } // while - } else { //subName is null - rejected = true; - } 
- } catch (Exception ex1) { - CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString()); - rejected = true; - } // try - - } else { - rejected = true; - }// allowSameKeyRenewal - } // (size > 0) - - if (rejected == true) { - CMS.debug("UniqueKeyConstraint: rejected"); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DUPLICATE_KEY")); - } else { - CMS.debug("UniqueKeyConstraint: approved"); - } + getLocale(request), + "CMS_PROFILE_INTERNAL_ERROR", e.toString())); + } + + /* + * It does not matter if the corresponding cert's status + * is valid or not, we don't want a key that was once + * generated before + */ + if (size > 0) { + CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); + + /* + The following code revokes the existing certs that have + the same public key as the one submitted for enrollment + request. However, it is not a good idea due to possible + abuse. It is therefore commented out. It is still + however still maintained for possible utilization at later + time + + // if configured to revoke duplicated key + // revoke cert + if (mRevokeDupKeyCert) { + try { + Enumeration e = list.getCertRecords(0, size-1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + + // revoke the cert + BigInteger serialNum = cert.getSerialNumber(); + ICAService service = (ICAService) mCA.getCAService(); + + RevokedCertImpl crlEntry = + formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); + service.revokeCert(crlEntry); + CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); + } + } catch (Exception ex) { + CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); + } + } // revoke dupkey cert turned on + */ + + if (mAllowSameKeyRenewal == true) { + X500Name sjname_in_db = null; + X500Name sjname_in_req = null; + + try { + // get subject of request + 
CertificateSubjectName subName = + (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + + if (subName != null) { + + sjname_in_req = + (X500Name) subName.get(CertificateSubjectName.DN_NAME); + CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString()); + Enumeration e = list.getCertRecords(0, size - 1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + String certDN = + cert.getSubjectDN().toString(); + CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN); + + sjname_in_db = new X500Name(certDN); + + if (sjname_in_db.equals(sjname_in_req) == false) { + rejected = true; + break; + } else { + rejected = false; + } + } // while + } else { //subName is null + rejected = true; + } + } catch (Exception ex1) { + CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString()); + rejected = true; + } // try + + } else { + rejected = true; + }// allowSameKeyRenewal + } // (size > 0) + + if (rejected == true) { + CMS.debug("UniqueKeyConstraint: rejected"); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DUPLICATE_KEY")); + } else { + CMS.debug("UniqueKeyConstraint: approved"); + } } - /** + /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. 
- - protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { - CRLReasonExtension reasonExt = new CRLReasonExtension(reason); - CRLExtensions crlentryexts = new CRLExtensions(); - - try { - crlentryexts.set(CRLReasonExtension.NAME, reasonExt); - } catch (IOException e) { - CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); - - // throw new ECMSGWException( - // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); - - } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), - crlentryexts); - - return crlentry; - } - */ + * + * protected RevokedCertImpl formCRLEntry( + * BigInteger serialNo, RevocationReason reason) + * throws EBaseException { + * CRLReasonExtension reasonExt = new CRLReasonExtension(reason); + * CRLExtensions crlentryexts = new CRLExtensions(); + * + * try { + * crlentryexts.set(CRLReasonExtension.NAME, reasonExt); + * } catch (IOException e) { + * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); + * + * // throw new ECMSGWException( + * // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); + * + * } + * RevokedCertImpl crlentry = + * new RevokedCertImpl(serialNo, CMS.getCurrentDate(), + * crlentryexts); + * + * return crlentry; + * } + */ public String getText(Locale locale) { String params[] = { -/* - getConfig(CONFIG_REVOKE_DUPKEY_CERT), -*/ - }; + /* + getConfig(CONFIG_REVOKE_DUPKEY_CERT), + */ + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params); } @@ -285,12 +284,12 @@ public class UniqueKeyConstraint extends EnrollConstraint { } public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; + if (def instanceof NoDefault) + return true; if (def instanceof UniqueKeyConstraint) return true; - return false; + return false; } } 
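Review bot: The comment block in front of `getText` now carries the disabled `formCRLEntry` method as `*`-prefixed Javadoc lines. As a result the Javadoc attached to `getText` reads "make a CRL entry from a serial number and revocation reason", followed by dead code. The class comment says the `revokeDupKeyCert` path was taken out because it can be abused. I would therefore delete the disabled revocation code and rely on version history, or keep it in a plain `/* ... */` block as the other disabled fragments in this hunk are. `getText` should then get its own summary, e.g. `/** Returns the localized text describing this constraint. */`.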
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java index 89b8d4602..211aef913 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java @@ -55,13 +55,13 @@ import com.netscape.cms.profile.def.UserSubjectNameDefault; * It checks if the subject name in the certificate is * unique in the internal database, ie, no two certificates * have the same subject name. - * + * * @version $Revision$, $Date$ */ public class UniqueSubjectNameConstraint extends EnrollConstraint { public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; + "enableKeyUsageExtensionChecking"; private boolean mKeyUsageExtensionChecking = true; public UniqueSubjectNameConstraint() { @@ -69,14 +69,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); } return null; } 
@@ -85,12 +85,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return null; } - /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. - */ + /** + * Checks if the key extension in the issued certificate + * is the same as the one in the certificate template. + */ private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { + X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); @@ -98,7 +98,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); } catch (IOException e) { } catch (java.security.cert.CertificateException e) { } @@ -110,9 +110,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } else { try { ext = (KeyUsageExtension) extensions.get( - KeyUsageExtension.NAME); + KeyUsageExtension.NAME); } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (ext == null) { 
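Review bot: In `sameKeyUsageExtension` (hunk `@@ -98,7 +98,7 @@`), both `catch (IOException e) { }` and `catch (java.security.cert.CertificateException e) { }` discard a failure to read `X509CertInfo.EXTENSIONS`. A parsing error therefore looks the same as a template with no extensions. The method appears to feed the rule in `validate` that lets a duplicate subject name through when the key usage bits differ, so the failure should at least be recorded. `CMS.debug("UniqueSubjectNameConstraint: sameKeyUsageExtension " + e.toString());` would fit the logging style used elsewhere in the file. The rest of the method body is outside these hunks.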
@@ -135,48 +135,47 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } } - } + } } - return true; + return true; } - /** * Validates the request. The request is not modified * during the validation. - * - * Rules are as follows: + * + * Rules are as follows: * If the subject name is not unique, then the request will be rejected unless: * 1. the certificate is expired or expired_revoked * 2. the certificate is revoked and the revocation reason is not "on hold" * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("UniqueSubjectNameConstraint: validate start"); CertificateSubjectName sn = null; - IAuthority authority = (IAuthority)CMS.getSubsystem("ca"); - + IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); + mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); ICertificateRepository certdb = null; if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority)authority; + ICertificateAuthority ca = (ICertificateAuthority) authority; certdb = ca.getCertificateRepository(); } - + try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); } catch (Exception e) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } String certsubjectname = null; if (sn == null) throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); else { certsubjectname = sn.toString(); String filter = "x509Cert.subject=" + certsubjectname; 
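Review bot: `String filter = "x509Cert.subject=" + certsubjectname;` at the end of this hunk builds the repository search filter from the request's subject name without escaping. `UniqueKeyConstraint.validate` in this same commit, by contrast, passes its value through `escapeBinaryData` first. If `findCertRecords` interprets the string as an LDAP-style filter, characters such as `*`, `(`, `)` and `\` in a requested DN would change what the uniqueness lookup matches. The value should be escaped before concatenation, or it should be confirmed that the repository does so. Separately, `certdb` stays null when the `ca` subsystem is not an `ICertificateAuthority`, and the lookup in the next hunk sits in a `try` whose `catch (EBaseException e)` would not catch the resulting `NullPointerException`. An `if (certdb == null)` guard that throws `ERejectException` would fail closed.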
@@ -184,7 +183,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { sameSubjRecords = certdb.findCertRecords(filter); } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString()); + CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString()); } while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement(); @@ -213,8 +212,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { continue; } - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && - (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) { + if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && + (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { continue; } @@ -223,20 +222,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", - certsubjectname)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", + certsubjectname)); } } - CMS.debug("UniqueSubjectNameConstraint: validate end"); + CMS.debug("UniqueSubjectNameConstraint: validate end"); } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) + getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 95c322214..53fe471ae 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; - /** * This class implements the validity constraint. * It checks if the validity in the certificate * template satisfies the criteria. - * + * * @version $Revision$, $Date$ */ public class ValidityConstraint extends EnrollConstraint { @@ -68,20 +66,20 @@ public class ValidityConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE) || - name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", name)); - } + } } super.setConfig(name, value); } @@ -108,7 +106,7 @@ public class ValidityConstraint extends EnrollConstraint { * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateValidity v = null; try { 
@@ -144,14 +142,14 @@ public class ValidityConstraint extends EnrollConstraint { long millisDiff = notAfter.getTime() - notBefore.getTime(); CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); - long long_days = (millisDiff / 1000 ) / 86400; - CMS.debug("ValidityConstraint: long_days: "+long_days); - int days = (int)long_days; - CMS.debug("ValidityConstraint: days: "+days); + long long_days = (millisDiff / 1000) / 86400; + CMS.debug("ValidityConstraint: long_days: " + long_days); + int days = (int) long_days; + CMS.debug("ValidityConstraint: days: " + days); if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) { throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", + "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", Integer.toString(days))); } @@ -167,7 +165,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) { notBeforeCheckStr = "false"; } - notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); + notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER); boolean notAfterCheck; @@ -175,7 +173,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notAfterCheckStr == null || notAfterCheckStr.equals("")) { notAfterCheckStr = "false"; } - notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); + notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD); if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) { 
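Review bot: `int days = (int) long_days;` narrows the computed validity before it is compared with `CONFIG_RANGE`. The visible lines also do not reject a negative `millisDiff` (notAfter earlier than notBefore), which compares as within range. Comparing the long directly removes the cast: `if (long_days > Integer.parseInt(getConfig(CONFIG_RANGE))) {`, with `Long.toString(long_days)` in the message. A guard such as `if (millisDiff < 0)` that throws the same `ERejectException` may already exist earlier in `validate`, which starts outside this hunk.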
@@ -186,7 +184,7 @@ public class ValidityConstraint extends EnrollConstraint { Date current = CMS.getCurrentDate(); if (notBeforeCheck) { if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) { - CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+ + CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " + "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")"); throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 6f73cd523..1726ec6b1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy + * This class implements an enrollment default policy * that populates Authuority Info Access extension. - * + * * @version $Revision$, $Date$ */ public class AuthInfoAccessExtDefault extends EnrollExtDefault { 
@@ -89,30 +87,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { + } + + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } + } + } super.setConfig(name, value); } 
@@ -142,42 +140,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ADS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new 
Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -186,45 +184,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); + getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); 
@@ -263,17 +258,17 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: "+ee.toString()); + CMS.debug("AuthInfoAccessExtDefault: " + ee.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_AIA_OID", method)); + locale, "CMS_PROFILE_DEF_AIA_OID", method)); } } } @@ -296,30 +291,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { AuthInfoAccessExtension ext = null; - if (name == null) { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -336,7 +330,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); @@ -345,11 +339,11 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return ""; int num = getNumAds(); - + CMS.debug("AuthInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -363,7 +357,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -402,7 +396,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -410,14 +404,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; + AuthInfoAccessExtension ext = null; int num = getNumAds(); try { 
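Review bot: In `populate` (last hunk on this line) the result of `createExtension()` is dereferenced immediately in `ext.getExtensionId()`, but `createExtension` starts with `ext = null` and, in a later hunk, catches `Exception`, logs it and still does `return ext`. If the construction inside that `try` fails (the assignment itself is outside the lines shown), the method returns null and `populate` throws a NullPointerException instead of the `EProfileException` it declares. A guard such as `if (ext == null) throw new EProfileException("AuthInfoAccessExtDefault: cannot create extension");` before `addExtension` would surface the failure to the caller. The body of `createExtension` continues outside this hunk.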
@@ -440,21 +434,21 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://"+hostname+":"+port+"/ca/ocsp"; + location = "http://" + hostname + ":" + port + "/ca/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java index a308e2ebf..6c0f6e9fc 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,7 +34,6 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy that * populates subject name based on the attribute values @@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -67,8 +65,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { CMS.debug("AuthTokenSubjectNameDefault: begins"); if (name == null) { throw new EPropertyException(CMS.getUserMessage(locale, @@ -81,18 +79,18 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { x500name = new X500Name(value); CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); } } else { throw new EPropertyException(CMS.getUserMessage(locale, @@ -101,8 +99,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); if (name.equals(VAL_NAME)) { 
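Review bot: In `setValue` (hunk `-81,18 +79,18`), a value that cannot be parsed into an `X500Name` is only logged in the `catch (IOException e)` block, and execution then continues to `x500name.toString()` and `new CertificateSubjectName(x500name)`. The declaration of `x500name` is outside the hunk; if it starts as null, the debug line throws a NullPointerException. The second `catch (Exception e)` also just logs, so a failed `info.set(X509CertInfo.SUBJECT, ...)` returns normally and the caller cannot tell that the subject name was not applied. Both handlers should reject the value the way the rest of the method does: `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`.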
@@ -114,8 +112,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " + - e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: getValue " + + e.toString()); } throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); @@ -126,7 +124,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); } @@ -134,7 +132,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index 869deed22..6ec75990c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates Authority Key Identifier extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { 
@@ -56,29 +54,29 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_CRITICAL")); + "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_ID")); + "CMS_PROFILE_KEY_ID")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { 
@@ -86,40 +84,38 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } else if (name.equals(VAL_KEY_ID)) { // do nothing for read only value } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - AuthorityKeyIdentifierExtension ext = (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + PKIXExtensions.AuthorityKey_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + ext = + (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { return null; @@ -131,8 +127,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } } else if (name.equals(VAL_KEY_ID)) { ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); + (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { // do something here 
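Review bot: The debug line in the `catch (EProfileException e)` block of `AuthorityKeyIdentifierExtDefault.getValue` still logs the prefix `"BasicConstraintsExtDefault: getValue "`, so a failure to populate the Authority Key Identifier extension is attributed to a different class in the debug log. Since the line is being touched anyway, it should read `CMS.debug("AuthorityKeyIdentifierExtDefault: getValue " + e.toString());`. `getValue` starts in the previous hunk and continues past this one.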
@@ -147,11 +143,11 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { // CMS.debug(e.toString()); } - if (kid == null) + if (kid == null) return ""; return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -164,7 +160,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthorityKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); @@ -174,9 +170,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); + kid = getKeyIdentifier(info); } else { - kid = getCAKeyIdentifier(); + kid = getCAKeyIdentifier(); } if (kid == null) @@ -186,8 +182,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { try { ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java index 7ab05d755..043cf029b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that automatically assign request to agent. - * + * * @version $Revision$, $Date$ */ public class AutoAssignDefault extends EnrollDefault { @@ -48,15 +46,15 @@ public class AutoAssignDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_ASSIGN_TO)) { + return new Descriptor(IDescriptor.STRING, null, "admin", CMS.getUserMessage(locale, - "CMS_PROFILE_AUTO_ASSIGN")); + "CMS_PROFILE_AUTO_ASSIGN")); } else { return null; } 
@@ -67,29 +65,29 @@ public class AutoAssignDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); + getConfig(CONFIG_ASSIGN_TO)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - request.setRequestOwner( - mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); + request.setRequestOwner( + mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); } catch (Exception e) { // failed to insert subject name CMS.debug("AutoAssignDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java index 8c5d8094d..c442bf576 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates Basic Constraint extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtDefault extends EnrollExtDefault { 
@@ -64,21 +62,21 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } @@ -87,15 +85,15 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } else { 
@@ -104,39 +102,37 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { BasicConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } ext.setCritical(val); } else if (name.equals(VAL_IS_CA)) { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Boolean isCA = Boolean.valueOf(value); @@ -146,7 +142,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } Integer pathLen = Integer.valueOf(value); @@ -156,8 +152,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { throw new EPropertyException("Invalid name " + name); } replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { + ext, info); + } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); 
@@ -169,35 +165,34 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null,info); + + try { + populate(null, info); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; @@ -208,8 +203,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; 
@@ -218,41 +213,38 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return isCA.toString(); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } Integer pathLen = (Integer) - ext.get(BasicConstraintsExtension.PATH_LEN); - + ext.get(BasicConstraintsExtension.PATH_LEN); String pLen = null; pLen = pathLen.toString(); - if(pLen.equals("-2")) - { - //This is done for bug 621700. Profile constraints actually checks for -1 - //The low level security class for some reason sets this to -2 - //This will allow the request to be approved successfuly by the agent. + if (pLen.equals("-2")) { + //This is done for bug 621700. Profile constraints actually checks for -1 + //The low level security class for some reason sets this to -2 + //This will allow the request to be approved successfuly by the agent. - pLen = "-1"; + pLen = "-1"; } - + CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - + return pLen; - - } else { - throw new EPropertyException(CMS.getUserMessage( + } else { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -271,11 +263,11 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { BasicConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, - info); + info); } public BasicConstraintsExtension createExtension() { @@ -287,8 +279,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { int pathLen = -2; - - if(!pathLenStr.equals("") ) { + if (!pathLenStr.equals("")) { pathLen = Integer.valueOf(pathLenStr).intValue(); } @@ -296,8 +287,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { try { ext = new BasicConstraintsExtension(isCA, critical, pathLen); } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("BasicConstraintsExtDefault: createExtension " + + e.toString()); return null; } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java index 4b883f7f8..872e32960 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; 
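Review bot: `populate` (hunk `-271,11 +263,11`) passes the result of `createExtension()` straight to `addExtension`, while `createExtension` (hunk `-296,8 +287,8`) returns null after logging any `Exception` from the `BasicConstraintsExtension` constructor. A profile that is supposed to stamp Basic Constraints can therefore fail without an error reaching the caller. What `addExtension` does with a null extension is not visible here, so this needs confirming. Consider `if (ext == null) throw new EProfileException("BasicConstraintsExtDefault: cannot create extension");` in `populate`. In hunk `-287,8 +279,7`, `Integer.valueOf(pathLenStr)` appears to sit before the `try`, so a non-numeric or missing `pathLen` setting would escape as an unchecked exception rather than being reported; `createExtension` begins outside these hunks.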
@@ -34,12 +33,11 @@ import netscape.security.x509.X509Key; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; - /** - * This class implements an abstract CA specific + * This class implements an abstract CA specific * Enrollment default. This policy can only be * used with CA subsystem. - * + * * @version $Revision$, $Date$ */ public abstract class CAEnrollDefault extends EnrollDefault { @@ -48,8 +46,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { public KeyIdentifier getKeyIdentifier(X509CertInfo info) { try { - CertificateX509Key ckey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + CertificateX509Key ckey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); 
@@ -59,35 +57,35 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (IOException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } catch (CertificateException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } catch (NoSuchAlgorithmException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } return null; } public KeyIdentifier getCAKeyIdentifier() { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); if (caCert == null) { - // during configuration, we dont have the CA certificate - return null; + // during configuration, we dont have the CA certificate + return null; } X509Key key = (X509Key) caCert.getPublicKey(); SubjectKeyIdentifierExtension subjKeyIdExt = - (SubjectKeyIdentifierExtension) - caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); + (SubjectKeyIdentifierExtension) + caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); if (subjKeyIdExt != null) { try { - KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( - SubjectKeyIdentifierExtension.KEY_ID); - return keyId; + KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( + SubjectKeyIdentifierExtension.KEY_ID); + return keyId; } catch (IOException e) { } } @@ -101,7 +99,7 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java index 8bf4c75fa..e3b834ce5 100644 
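Review bot: `getCAKeyIdentifier` has an empty handler, `catch (IOException e) { }`, around reading `SubjectKeyIdentifierExtension.KEY_ID` from the CA certificate. When that read fails, the method appears to fall through to the hash-based identifier returned in the next hunk, with nothing logged. The issued certificate's authority key identifier could then differ from the CA's own subject key identifier, with no trace of why. At minimum, log it like the sibling handlers do: `CMS.debug("CAEnrollDefault: getCAKeyIdentifier " + e.toString());`. The other handlers in this class log the prefix `"AuthorityKeyIdentifierExtDefault: getKeyId "`, which points at a different class. The method's body continues past the end of this hunk.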
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -39,7 +38,6 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements a CA signing cert enrollment default policy * that populates a server-side configurable validity @@ -49,11 +47,11 @@ import com.netscape.certsrv.request.IRequest; public class CAValidityDefault extends EnrollDefault { public static final String CONFIG_RANGE = "range"; public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String VAL_NOT_BEFORE = "notBefore"; public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; + public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; 
@@ -72,28 +70,28 @@ public class CAValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } super.setConfig(name, value); } @@ -101,16 +99,16 @@ public class CAValidityDefault extends EnrollDefault { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { return new Descriptor(IDescriptor.STRING, - null, + null, "2922", /* 8 years */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { return new Descriptor(IDescriptor.STRING, - null, + null, "60", /* 1 minute */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", 
@@ -138,21 +136,21 @@ public class CAValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { + if (value == null || value.equals("")) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - CMS.debug("CAValidityDefault: setValue name= "+ name); + CMS.debug("CAValidityDefault: setValue name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -161,15 +159,15 @@ public class CAValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_BEFORE, - date); + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -178,7 +176,7 @@ public class CAValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_AFTER, - date); + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( 
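Review bot: In the `VAL_NOT_BEFORE` branch, `formatter.parse(value, pos)` returns null for unparseable input instead of throwing, and `date` is then passed unchecked to `validity.set(CertificateValidity.NOT_BEFORE, date)` in the following hunk. The `VAL_NOT_AFTER` branch repeats the same pattern. Because `pos` is never compared with the input length, text after a valid timestamp is also silently accepted. For a CA signing certificate's validity, the input should be rejected explicitly: `if (date == null || pos.getIndex() != value.length()) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. `setValue` continues beyond these hunks.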
@@ -186,23 +184,23 @@ public class CAValidityDefault extends EnrollDefault { } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity); + CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity); BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); return; } try { Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - if(isCA.booleanValue() != true) { + if (isCA.booleanValue() != true) { CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); return; } } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString()); + CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString()); return; } @@ -210,7 +208,7 @@ public class CAValidityDefault extends EnrollDefault { Date notAfter = null; try { validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); @@ -220,7 +218,7 @@ public class CAValidityDefault extends EnrollDefault { // not to exceed CA's expiration Date caNotAfter = - mCA.getSigningUnit().getCertImpl().getNotAfter(); + mCA.getSigningUnit().getCertImpl().getNotAfter(); if (notAfter.after(caNotAfter)) { if (bypassCAvalidity == false) { 
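Review bot: In the `VAL_BYPASS_CA_NOTAFTER` branch, `bypassCAvalidity` is parsed from the `value` argument, so whoever supplies that value decides whether the `notAfter.after(caNotAfter)` cap is enforced. The profile's `CONFIG_BYPASS_CA_NOTAFTER` setting is not consulted in the lines shown. If that is intended, a comment at the top of the branch should state who is trusted to supply the value, once confirmed against the callers, for example `// value comes from the approving agent, never from the requester`. `Boolean.valueOf(value)` also turns any string other than "true" into false without an error, so a typo silently leaves the cap in place. The branch runs past the end of this hunk.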
@@ -232,7 +230,7 @@ public class CAValidityDefault extends EnrollDefault { } try { validity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( @@ -243,19 +241,19 @@ public class CAValidityDefault extends EnrollDefault { locale, "CMS_INVALID_PROPERTY", name)); } } - + public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); - CMS.debug("CAValidityDefault: getValue: name= "+ name); + CMS.debug("CAValidityDefault: getValue: name= " + name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -269,8 +267,8 @@ public class CAValidityDefault extends EnrollDefault { locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { 
@@ -298,19 +296,19 @@ public class CAValidityDefault extends EnrollDefault { getConfig(CONFIG_BYPASS_CA_NOTAFTER) }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("CAValidityDefault: populate " + e.toString()); } @@ -325,7 +323,7 @@ public class CAValidityDefault extends EnrollDefault { try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + + notAfterVal = notBefore.getTime() + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct @@ -335,8 +333,8 @@ public class CAValidityDefault extends EnrollDefault { } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java index 6dfb24c13..92592d137 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -45,12 +44,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a CRL Distribution points extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { @@ -84,32 +82,31 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -147,39 +144,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } - if (num >= MAX_NUM_POINTS) + if (num >= MAX_NUM_POINTS) num = DEF_NUM_POINTS; return num; } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { 
@@ -193,12 +190,12 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { 
@@ -207,47 +204,45 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { CRLDistributionPointsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (CRLDistributionPointsExtension) getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } if (name.equals(VAL_CRITICAL)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -285,7 +280,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); ext.setCritical(critical); 
@@ -295,51 +290,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("CRLDistributionPointsExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (type.equals(RELATIVETOISSUER)) { cdp.setRelativeName(new RDN(value)); } else if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } 
private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { @@ -349,20 +344,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } } - private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { if (value == null || value.length() == 0) return; if (type.equals(REASONS)) { @@ -376,7 +371,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (r == null) { CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", s)); } else { reasonBits |= r.getBitMask(); 
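Review bot: `addIssuer` only logs `IOException` and `GeneralNamesException`, whereas `addCRLPoint` in the preceding hunk turns the same two exceptions into an `EPropertyException`. As written, an issuer value that fails to parse leaves the distribution point without the `setCRLIssuer` call and the caller is told nothing, so the resulting extension can differ from what was requested. Both catch blocks should end with `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));`, matching `addCRLPoint`. The signature of `addIssuer` sits in the previous hunk (-295,51).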
@@ -384,47 +379,46 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] {reasonBits} - ); + BitArray ba = new BitArray(8, new byte[] { reasonBits } + ); cdp.setReasons(ba); } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { CRLDistributionPointsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (CRLDistributionPointsExtension) getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + info); - if(ext == null) - { + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) { return null; @@ -434,10 +428,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) return ""; 
@@ -451,7 +445,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -461,10 +455,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -482,7 +476,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -551,14 +545,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (reasons != null) { byte[] b = reasons.toByteArray(); Reason[] reasonArray = Reason.bitArrayToReasonArray(b); - + for (int i = 0; i < reasonArray.length; i++) { if (sb.length() > 0) sb.append(","); sb.append(reasonArray[i].getName()); } } - + return sb.toString(); } @@ -589,8 +583,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } 
@@ -599,29 +593,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(locale); if (ext == null) return; addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + ext, info); } + /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + ext, info); } public CRLDistributionPointsExtension createExtension(IRequest request) { - CRLDistributionPointsExtension ext = null; + CRLDistributionPointsExtension ext = null; int num = 0; try { @@ -631,8 +626,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String reasons = getConfig(CONFIG_REASONS + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); @@ -644,7 +639,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(getLocale(request), cdp, issuerType, issuerName); if (reasons != null) - addReasons(getLocale(request), cdp, REASONS, reasons); + addReasons(getLocale(request), cdp, REASONS, reasons); if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); 
@@ -656,7 +651,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + e.toString()); CMS.debug(e); } @@ -698,7 +693,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); + e.toString()); CMS.debug(e); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index 14eec785e..4a5c72a15 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -1,4 +1,3 @@ - // --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -18,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -52,7 +50,7 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates a policy mappings extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class CertificatePoliciesExtDefault extends EnrollExtDefault { 
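Review bot: Both `catch (Exception e)` blocks in `CRLDistributionPointsExtDefault` tagged `createExtension` (hunks -656,7 and -698,7) only write to the debug log, and `populate` returns quietly when `createExtension` hands back null. If the unseen remainder of those methods simply returns `ext`, a bad point, issuer or reasons setting yields a certificate with no CRL distribution points extension, or a partial one, and no error reaches the caller. `populate(IRequest, X509CertInfo)` already declares `EProfileException`, so the failure could be reported there instead of being dropped. At minimum, a comment on the catch blocks should state that omitting the extension on error is intended. Most of both method bodies lies outside these hunks, so the return path should be confirmed first.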
@@ -122,33 +120,32 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_POLICY_NUM)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POLICIES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POLICIES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -166,22 +163,22 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int numQualifiers = getNumQualifiers(); addConfigName(CONFIG_POLICY_NUM); - + for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); - for (int j=0; j<numQualifiers; j++) { - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); + for (int j = 0; j < numQualifiers; j++) { + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); } } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, 
@@ -189,16 +186,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) { return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -225,8 +222,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI")); } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) { return new Descriptor(IDescriptor.INTEGER, null, - "5", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); + "5", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); } return null; } @@ -234,7 +231,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_POLICY_QUALIFIERS)) { 
@@ -253,126 +250,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int index = token.indexOf(":"); if (index <= 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", token)); + "CMS_INVALID_PROPERTY", token)); String name = token.substring(0, index); String val = ""; - if ((token.length()-1) > index) { - val = token.substring(index+1); + if ((token.length() - 1) > index) { + val = token.substring(index + 1); } table.put(name, val); - } - + } + return table; } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext.setCritical(val); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); + Hashtable h = buildRecords(value); - String numStr = (String)h.get(CONFIG_POLICY_NUM); + String numStr = (String) h.get(CONFIG_POLICY_NUM); int size = Integer.parseInt(numStr); Vector certificatePolicies = new Vector(); for (int i = 0; i < size; i++) { - String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); CertificatePolicyInfo cinfo = null; if (enable != null && 
enable.equals("true")) { - String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( + if (policyId == null || policyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); - for (int j=0; j<num; j++) { - String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + for (int j = 0; j < num; j++) { + String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } else if (usernoticeEnable != null && enable.equals("true")) { - String org = 
(String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); - String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + noticenumbers, explicitText); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } } if (policyQualifiers.size() <= 0) { cinfo = - new CertificatePolicyInfo(cpolicyId); + new CertificatePolicyInfo(cpolicyId); } else { cinfo = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } if (cinfo != null) - certificatePolicies.addElement(cinfo); + certificatePolicies.addElement(cinfo); } } ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new 
EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) { return null; @@ -382,10 +379,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) return ""; @@ -399,7 +396,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("\n"); Vector infos = null; try { - infos = (Vector)(ext.get(CertificatePoliciesExtension.INFOS)); + infos = (Vector) (ext.get(CertificatePoliciesExtension.INFOS)); } catch (IOException ee) { } Enumeration policies = ext.getElements(); 
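Review bot: In `CertificatePoliciesExtDefault.setValue` (hunk -253,126), the user-notice branch tests `usernoticeEnable != null && enable.equals("true")`. `enable` is the per-policy flag already known to be "true" at that point, so the branch runs whenever the user-notice key is present, even when its value is "false". The condition was presumably meant to read `} else if (usernoticeEnable != null && usernoticeEnable.equals("true")) {`. In the same method `ext` is dereferenced straight after `getExtension(...)` with no null check. `Integer.parseInt(numStr)` can also throw `NumberFormatException`, which neither catch clause (`EProfileException`, `IOException`) handles.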
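Review bot: In `getValue` (hunk -399,7), `catch (IOException ee) { }` discards a failure of `ext.get(CertificatePoliciesExtension.INFOS)` and leaves `infos` null, while the following hunk calls `infos.size()` with no null check. A failed read would therefore surface as a `NullPointerException` rather than the declared `EPropertyException`. The catch block should report the error, e.g. `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, or at least log it through `CMS.debug`. The loop that consumes `infos` extends beyond this hunk.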
@@ -409,70 +406,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { String policyId = ""; String policyEnable = "false"; PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = - (CertificatePolicyInfo) infos.elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); + if (infos.size() > 0) { + CertificatePolicyInfo cinfo = + (CertificatePolicyInfo) infos.elementAt(0); + + CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); policyId = id1.getIdentifier().toString(); policyEnable = "true"; qualifiers = cinfo.getPolicyQualifiers(); if (qualifiers != null) - qSize = qualifiers.size(); + qSize = qualifiers.size(); infos.removeElementAt(0); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); sb.append(":"); sb.append(policyEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); sb.append(":"); sb.append(policyId); sb.append("\n"); - + if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(DEF_NUM_QUALIFIERS); sb.append("\n"); } else { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(qSize); sb.append("\n"); } if (qSize == 0) { - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); 
sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(""); sb.append("\n"); } - for (int j=0; j<qSize; j++) { + for (int j = 0; j < qSize; j++) { netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); ObjectIdentifier oid = qinfo.getId(); Qualifier qualifier = qinfo.getQualifier(); - + String cpsuriEnable = "false"; String usernoticeEnable = "false"; String cpsuri = ""; 
@@ -482,16 +479,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { cpsuriEnable = "true"; - CPSuri content = (CPSuri)qualifier; - cpsuri = content.getURI(); + CPSuri content = (CPSuri) qualifier; + cpsuri = content.getURI(); } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { usernoticeEnable = "true"; - UserNotice content = (UserNotice)qualifier; + UserNotice content = (UserNotice) qualifier; NoticeReference ref = content.getNoticeReference(); if (ref != null) { org = ref.getOrganization().getText(); int[] nums = ref.getNumbers(); - for (int k=0; k<nums.length; k++) { + for (int k = 0; k < nums.length; k++) { if (k != 0) { noticeNum.append(","); noticeNum.append(nums[k]); 
@@ -504,27 +501,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { explicitText = displayText.getText(); } - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append(cpsuriEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(cpsuri); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append(usernoticeEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); - sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(explicitText); sb.append("\n"); @@ -532,7 +529,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } // end of for loop return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -551,7 +548,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(","); for (int i = 0; i < num; i++) { sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); String enable = substore.getString(CONFIG_POLICY_ENABLE, ""); sb.append(POLICY_ID_ENABLE + ":"); sb.append(enable); @@ -561,18 +558,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(policyId); sb.append(","); String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":"); + sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); sb.append(qualifiersNum); sb.append(","); - for (int j=0; j<num1; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + for (int j = 0; j < num1; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); sb.append("{"); String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); sb.append(cpsuriEnable); sb.append(","); String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":"); + sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); sb.append(usernoticeEnable); sb.append(","); String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); @@ -595,9 +592,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("}"); } sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } catch (Exception e) { return ""; } 
@@ -607,72 +604,72 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificatePoliciesExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + ext, info); } - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; + public CertificatePoliciesExtension createExtension() + throws EProfileException { + CertificatePoliciesExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector certificatePolicies = new Vector(); int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num); + CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num); IConfigStore config = getConfigStore(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); String enable = substore.getString(CONFIG_POLICY_ENABLE); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable); if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" 
+ policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j=0; j<qualifierNum; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + for (int j = 0; j < qualifierNum; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null && usernoticeEnable.equals("true")) { String org = substore1.getString(CONFIG_USERNOTICE_ORG); String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); + noticenumbers, explicitText); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } } - + CertificatePolicyInfo info = null; if (policyQualifiers.size() <= 0) { - info = - new CertificatePolicyInfo(cpolicyId); + info = + new CertificatePolicyInfo(cpolicyId); } else { - info = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); + info = + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } - + if (info != null) - certificatePolicies.addElement(info); + certificatePolicies.addElement(info); } } 
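Review bot: The call `createUserNotice(org, noticenumbers, explicitText)` in createExtension passes its arguments in a different order from the declaration in the next hunk, `createUserNotice(String organization, String noticeText, String noticeNums)`, so the configured notice numbers arrive as `noticeText` and the explicit text as `noticeNums`. The visible part of the helper turns `noticeText` into the `DisplayText` of the user notice, so the issued certificate would carry the numbers as its explicit text; the number parsing lies outside the hunks and should be checked against this. The same call appears in setValue earlier in this file. Either swap the arguments at both call sites, `createUserNotice(org, explicitText, noticenumbers)`, or reorder the parameters, and add a one-line comment on the helper stating the expected order.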
@@ -682,51 +679,51 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } catch (EProfileException e) { throw e; } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " + - e.toString()); + CMS.debug("CertificatePoliciesExtDefault: createExtension " + + e.toString()); } return ext; } - private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException { + private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException { if (policyId == null || policyId.length() == 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = null; try { cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); + ObjectIdentifier.getObjectIdentifier(policyId)); return cpolicyId; } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); + "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); } } private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { - if (uri == null || uri.length() == 0) + if (uri == null || uri.length() == 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); - CPSuri cpsURI = new CPSuri(uri); + CPSuri cpsURI = new CPSuri(uri); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); - + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + return policyQualifierInfo2; } - private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, - String noticeText, String noticeNums) throws 
EPropertyException { - - if ((organization == null || organization.length() == 0) && - (noticeNums == null || noticeNums.length() == 0) && - (noticeText == null || noticeText.length() == 0)) + private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, + String noticeText, String noticeNums) throws EPropertyException { + + if ((organization == null || organization.length() == 0) && + (noticeNums == null || noticeNums.length() == 0) && + (noticeText == null || noticeText.length() == 0)) return null; DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) + if (noticeText != null && noticeText.length() > 0) explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); int nums[] = null; @@ -752,7 +749,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { DisplayText orgName = null; if (organization != null && organization.length() > 0) { orgName = - new DisplayText(DisplayText.tag_VisibleString, organization); + new DisplayText(DisplayText.tag_VisibleString, organization); } NoticeReference noticeReference = null; @@ -762,10 +759,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { UserNotice userNotice = null; if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice (noticeReference, explicitText); + userNotice = new UserNotice(noticeReference, explicitText); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java index f3b68594c..d30f971dd 100644 
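Review bot: The `catch (Exception e)` at the end of createExtension only calls `CMS.debug(...)` and then falls through to `return ext;`, and populate in the previous hunk returns silently when the result is null, so a configuration error can end with a certificate issued without the certificate policies extension instead of a failed request. This covers any exception that is not an EProfileException, for example a missing `substore.getString(CONFIG_POLICY_ENABLE)` entry, and possibly the EPropertyException from getPolicyId if that type does not derive from EProfileException (not visible here). I would fail closed by adding `throw new EProfileException(e.toString());` after the debug line. The lines between the two hunks that assign `ext` are not shown, so confirm nothing there depends on the null return.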
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java @@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates a Netscape comment extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class CertificateVersionDefault extends EnrollExtDefault { @@ -54,11 +54,11 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_VERSION)) { return new Descriptor(IDescriptor.INTEGER, null, "3", @@ -69,14 +69,14 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } + } } super.setConfig(name, value); } 
@@ -92,32 +92,32 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { if (value == null || value.equals("")) - throw new EPropertyException(name+" cannot be empty"); + throw new EPropertyException(name + " cannot be empty"); else { - int version = Integer.valueOf(value).intValue()-1; - + int version = Integer.valueOf(value).intValue() - 1; + if (version == CertificateVersion.V1) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { 
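Review bot: The `if`/`else if` chain on `version` in setValue has no final `else`, so a value such as `0` or `4` is accepted and leaves the template's version untouched, whereas populate in a later hunk of this file throws for the same case. Add `else throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` after the V3 branch. `Integer.valueOf(value)` also throws NumberFormatException for non-numeric input, and only `catch (IOException e)` is visible before the hunk ends, so check that the remaining handlers map it to an EPropertyException rather than letting an unchecked exception escape.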
@@ -128,30 +128,30 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { CertificateVersion v = null; - try { - v = (CertificateVersion)info.get( - X509CertInfo.VERSION); + try { + v = (CertificateVersion) info.get( + X509CertInfo.VERSION); } catch (Exception e) { } if (v == null) - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); int version = v.compare(0); - - return ""+(version+1); + + return "" + (version + 1); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -168,26 +168,26 @@ public class CertificateVersionDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue()-1; - + int version = Integer.valueOf(v).intValue() - 1; + try { if (version == CertificateVersion.V1) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); else { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); } } catch (IOException e) { } catch (CertificateException e) { - } + } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java index 71cccdff5..060f2ad16 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -60,10 +60,9 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements an enrollment default policy. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { 
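Review bot: Both handlers at the end of populate, `catch (IOException e) { }` and `catch (CertificateException e) { }`, are empty, so a failure of `info.set(X509CertInfo.VERSION, ...)` is dropped and enrollment continues with whatever version the template already had. Report the failure instead, e.g. `throw new EProfileException(e.toString());` in each handler. `Integer.valueOf(v)` also sits outside the `try`, with `v` taken from `getConfig(CONFIG_VERSION)`; setConfig in an earlier hunk validates new values with `Integer.parseInt`, but a missing or hand-edited entry would still raise an unchecked NumberFormatException here.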
@@ -99,7 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } /** * Retrieves the localizable description of this policy. - * + * * @param locale locale of the end user * @return localized description of this default policy */ public abstract String getText(Locale locale); - public IConfigStore getConfigStore() { return mConfig; } 
@@ -147,60 +145,60 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Populates attributes into the certificate template. - * + * * @param request enrollment request * @param info certificate template - * @exception EProfileException failed to populate attributes - * into request + * @exception EProfileException failed to populate attributes + * into request */ public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; + throws EProfileException; /** * Sets values from the approval page into certificate template. - * + * * @param name name of the attribute * @param locale user locale * @param info certificate template * @param value attribute value - * @exception EProfileException failed to set attributes - * into request + * @exception EProfileException failed to set attributes + * into request */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException; + public abstract void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException; /** * Retrieves certificate template values and returns them to * the approval page. - * + * * @param name name of the attribute * @param locale user locale * @param info certificate template - * @exception EProfileException failed to get attributes - * from request + * @exception EProfileException failed to get attributes + * from request */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException; + public abstract String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException; /** * Populates the request with this policy default. - * + * * The current implementation extracts enrollment specific attributes * and calls the populate() method of the subclass. 
- * + * * @param request request to be populated * @exception EProfileException failed to populate */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": populate start"); X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); populate(request, info); @@ -222,21 +220,21 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Sets the value of the given value property by name. - * + * * The current implementation extracts enrollment specific attributes * and calls the setValue() method of the subclass. - * + * * @param name name of property * @param locale locale of the end user * @param request request * @param value value to be set in the given request * @exception EPropertyException failed to set property */ - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); setValue(name, locale, info, value); 
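Review bot: The Javadoc on the abstract `setValue` and `getValue` declares `@exception EProfileException`, but both signatures throw `EPropertyException`, so the comment names an exception the methods do not declare. Change the tags to `@exception EPropertyException failed to set attributes into request` and `@exception EPropertyException failed to get attributes from request`. `getValue` also has no `@return` tag; something like `@return value of the named attribute read from the certificate template` would complete it.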
@@ -246,19 +244,19 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe /** * Retrieves the value of the given value * property by name. - * + * * The current implementation extracts enrollment specific attributes * and calls the getValue() method of the subclass. - * + * * @param name name of property * @param locale locale of the end user * @param request request * @exception EPropertyException failed to get property */ public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { + throws EPropertyException { X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); String value = getValue(name, locale, info); request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); @@ -279,8 +277,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); + mConfigNames.removeAllElements(); + mValueNames.removeAllElements(); } protected void deleteExtension(String name, X509CertInfo info) { 
@@ -336,18 +334,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { if (ext == null) { throw new EProfileException("extension not found"); } CertificateExtensions exts = null; - Extension alreadyPresentExtension = getExtension(name,info); + Extension alreadyPresentExtension = getExtension(name, info); if (alreadyPresentExtension != null) { String eName = ext.toString(); CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName); - throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName)); + throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName)); } try { @@ -367,7 +365,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } protected void replaceExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { deleteExtension(name, info); addExtension(name, ext, info); } 
@@ -392,65 +390,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return getInt(getConfig(value)); } - protected boolean isGeneralNameValid(String name) - { + protected boolean isGeneralNameValid(String name) { if (name == null) - return false; + return false; int pos = name.indexOf(':'); if (pos == -1) - return false; + return false; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); if (nameValue.equals("")) - return false; + return false; return true; } protected GeneralNameInterface parseGeneralName(String name) - throws IOException { + throws IOException { int pos = name.indexOf(':'); if (pos == -1) - return null; + return null; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); return parseGeneralName(nameType, nameValue); } - protected boolean isGeneralNameType(String nameType) - { + protected boolean isGeneralNameType(String nameType) { if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DNSName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("x400")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DirectoryName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("URIName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("IPAddress")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OIDName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OtherName")) { - return true; + return true; } return false; } protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) - throws IOException - { + throws IOException { if (nameType.equalsIgnoreCase("RFC822Name")) { return new RFC822Name(nameValue); } 
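Review bot: isGeneralNameValid assigns `nameType` but never checks it, so any `type:value` string with a non-empty value is reported valid, including types that isGeneralNameType just below would reject. If callers use this method as the gate before parsing (the call sites are not visible here), add `if (!isGeneralNameType(nameType)) return false;` after the split. Two related gaps are visible in the same hunk and the next one: parseGeneralName(String) has no null check although isGeneralNameValid does, and `x400` is accepted by isGeneralNameType while the matching branch in parseGeneralName(String, String) is empty apart from `// XXX`.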
@@ -458,7 +453,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return new DNSName(nameValue); } if (nameType.equalsIgnoreCase("x400")) { - // XXX + // XXX } if (nameType.equalsIgnoreCase("DirectoryName")) { return new X500Name(nameValue); 
@@ -476,153 +471,153 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe StringTokenizer st = new StringTokenizer(nameValue, "/"); String addr = st.nextToken(); String netmask = st.nextToken(); - CMS.debug("addr:" + addr +" netmask: "+netmask); + CMS.debug("addr:" + addr + " netmask: " + netmask); return new IPAddressName(addr, netmask); - } else { + } else { return new IPAddressName(nameValue); - } + } } if (nameType.equalsIgnoreCase("OIDName")) { try { - // check if OID - ObjectIdentifier oid = new ObjectIdentifier(nameValue); + // check if OID + ObjectIdentifier oid = new ObjectIdentifier(nameValue); } catch (Exception e) { - return null; + return null; } return new OIDName(nameValue); - } + } if (nameType.equals("OtherName")) { if (nameValue == null || nameValue.length() == 0) nameValue = " "; if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); - } else { - return null; - } + // format: OtherName: (PrintableString)oid,value + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(KerberosName)")) { // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = 
nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector<String> strings = new Vector<String>(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf('|'); + int pos2 = nameValue.lastIndexOf('|'); + String realm = nameValue.substring(pos0 + 1, pos1).trim(); + String name_type = nameValue.substring(pos1 + 1, pos2).trim(); + String name_strings = nameValue.substring(pos2 + 1).trim(); + Vector<String> strings = new Vector<String>(); + StringTokenizer st = new StringTokenizer(name_strings, ","); + while (st.hasMoreTokens()) { + strings.addElement(st.nextToken()); + } + KerberosName name = new KerberosName(realm, + Integer.parseInt(name_type), strings); + // krb5 OBJECT IDENTIFIER ::= { iso (1) + // org (3) + // dod (6) + // internet (1) + // security (5) + // kerberosv5 (2) } + // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } + return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, + name.toByteArray()); } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); - } else { - return null; - } + int pos0 = 
nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(Any)")) { 
- int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + CMS.debug("OID: " + on_oid + " Value:" + on_value); + return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); + } else { + CMS.debug("Invalid OID " + on_oid); + return null; + } } else { - return null; + return null; } } return null; } -/** - * Converts string containing pairs of characters in the range of '0' - * to '9', 'a' to 'f' to an array of bytes such that each pair of - * characters in the string represents an individual byte - */ + /** + * Converts string containing pairs of characters in the range of '0' + * to '9', 'a' to 'f' to an array of bytes such that each pair of + * characters in the string represents an individual byte + */ public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[ (stringLength / 2) ]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte)Integer.parseInt(nextByte, 0x10); - } - return bytes; + if (string == null) + return null; + int stringLength = string.length(); + if ((stringLength == 0) || ((stringLength % 2) != 0)) + return null; + byte[] bytes = new byte[(stringLength / 2)]; + for (int i = 
0, b = 0; i < stringLength; i += 2, ++b) { + String nextByte = string.substring(i, (i + 2)); + bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); + } + return bytes; } /** * Check if a object identifier in string form is valid, * that is a string in the form n.n.n.n and der encode and decode-able. + * * @param oid object identifier string. * @return true if the oid is valid */ - public boolean isValidOID(String oid) - { - ObjectIdentifier v = null; + public boolean isValidOID(String oid) { + ObjectIdentifier v = null; try { v = ObjectIdentifier.getObjectIdentifier(oid); } catch (Exception e) { - return false; + return false; } if (v == null) - return false; + return false; // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. @@ -632,7 +627,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe derOut.putOID(v); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - return false; + return false; } return true; } @@ -658,7 +653,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe sb.append("\r\n"); } sb.append("\r\n"); - + } return sb.toString(); } @@ -678,7 +673,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe v.addElement(nvps); try { token = (String) st.nextToken(); - } catch (NoSuchElementException e) { + } catch (NoSuchElementException e) { v.removeElementAt(num); CMS.debug(e.toString()); return v; @@ -688,7 +683,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe if (nvps == null) throw new EPropertyException("Bad Input Format"); - + int pos = token.indexOf(":"); if (pos <= 0) { 
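Review bot: The `(KerberosName)` branch of `parseGeneralName` has no guard equivalent to the `pos1 == -1` check its sibling branches carry. A value with no `|`, or with only one, makes `substring` throw `StringIndexOutOfBoundsException`, and a non-numeric name type makes `Integer.parseInt(name_type)` throw `NumberFormatException`. Both are unchecked, while the method declares only `IOException`, which is also all that callers such as `addCRLPoint` catch, so malformed input surfaces as a runtime exception rather than a rejected property. I would add `if (pos1 == -1 || pos2 <= pos1) return null;` before the substrings and return null on `NumberFormatException`, matching how the other branches reject bad input. The two unconditional `st.nextToken()` calls in the IPAddress branch at the top of this hunk have the same shape of problem for a value like `addr/`. The method starts in an earlier hunk.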
@@ -706,8 +701,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return v; } - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { + protected String getGeneralNameType(GeneralName gn) + throws EPropertyException { int type = gn.getType(); if (type == GeneralNameInterface.NAME_RFC822) @@ -762,17 +757,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } public String toGeneralNameString(GeneralName gn) { - int type = gn.getType(); + int type = gn.getType(); // Sun's General Name is not consistent, so we need // to do a special case for directory string if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); + return "DirectoryName: " + gn.toString(); } return gn.toString(); } protected String mapPattern(IRequest request, String pattern) - throws IOException { + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { 
@@ -781,30 +776,32 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return p.substitute2("request", attrSet); } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || nextC == '<' || nextC == '>' || nextC == '#' || nextC == ';' || nextC == '\r' || nextC == '\n' || nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { @@ -812,10 +809,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } - + } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java index 7cf2a3596..24f79cdec 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java 
@@ -17,14 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - - - /** - * This class implements an enrollment extension + * This class implements an enrollment extension * default policy that extension into the certificate * template. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollExtDefault extends EnrollDefault { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java index 62d21cc8c..15dec5412 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates Extended Key Usage extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { 
@@ -60,17 +58,17 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); } 
@@ -91,51 +89,49 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { ExtendedKeyUsageExtension ext = null; - ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - } - if (name == null) { + } + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); + getExtension(ExtendedKeyUsageExtension.OID, info); + boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); + ext.setCritical(val); } else if (name.equals(VAL_OIDS)) { ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); // ext.deleteAllOIDs(); StringTokenizer st = new StringTokenizer(value, ","); - if(ext == null) { + if (ext == null) { return; } while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } } else { throw new EPropertyException(CMS.getUserMessage( 
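Review bot: In the `VAL_OIDS` branch of `setValue`, each comma-separated token goes straight into `new ObjectIdentifier(oid)` with no trimming and no validation. The inherited `isValidOID` exists, according to its own comment, because a malformed OID otherwise is not caught until encoding time and leaves a bad request in the queue. I would check each token first, e.g. `if (!isValidOID(oid.trim())) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, and pass the trimmed string to `addOID`. The loop in `createExtension` further down this file has the same pattern for the configured OID list. The body of `setValue` continues past the end of this hunk.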
@@ -151,8 +147,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -160,23 +156,21 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension(ExtendedKeyUsageExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { return null; @@ -188,20 +182,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } } else if (name.equals(VAL_OIDS)) { ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); + getExtension(ExtendedKeyUsageExtension.OID, info); StringBuffer sb = new StringBuffer(); - if(ext == null) { + if (ext == null) { return ""; } Enumeration e = ext.getOIDs(); while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) - e.nextElement(); + e.nextElement(); if (!sb.toString().equals("")) { sb.append(","); - } + } sb.append(oid.toString()); } return sb.toString(); 
@@ -213,11 +207,11 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); } @@ -225,20 +219,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { ExtendedKeyUsageExtension ext = createExtension(); addExtension(ExtendedKeyUsageExtension.OID, ext, info); } public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; + ExtendedKeyUsageExtension ext = null; try { ext = new ExtendedKeyUsageExtension(); } catch (Exception e) { CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + - e.toString()); + e.toString()); } if (ext == null) return null; @@ -250,7 +244,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java index 7b9bcd525..3dcf89929 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -42,12 +41,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates Freshest CRL extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class FreshestCRLExtDefault extends EnrollExtDefault { @@ -61,8 +59,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = - "freshestCRLPointsValue"; + public static final String VAL_CRL_DISTRIBUTION_POINTS = + "freshestCRLPointsValue"; private static final String POINT_TYPE = "Point Type"; private static final String POINT_NAME = "Point Name"; @@ -78,12 +76,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - protected int getNumPoints() { int num = DEF_NUM_POINTS; String val = getConfig(CONFIG_NUM_POINTS); 
@@ -103,26 +100,25 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -149,47 +145,47 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new 
Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { @@ -198,39 +194,39 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { FreshestCRLExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); + info); - if(ext == null) { - populate(locale,info); + if (ext == null) { + populate(locale, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -266,7 +262,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new FreshestCRLExtension(cdp); ext.setCritical(critical); 
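Review bot: `setValue` dereferences `ext` without a null check after re-fetching it, at `ext.setCritical(val)` in the `VAL_CRITICAL` branch and at `ext.isCritical()` in the `VAL_CRL_DISTRIBUTION_POINTS` branch. The preceding `populate(locale, info)` does not guarantee an extension, because the private `populate` later in this file appears to return early when `createExtension` yields null. `ExtendedKeyUsageExtDefault.setValue` guards the same spot, so this looks like an omission rather than a design choice. A guard after each re-fetch, such as `if (ext == null) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, turns a possible `NullPointerException` into the property error the caller already handles. The method body continues outside this hunk.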
@@ -276,100 +272,99 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { + String value) throws EPropertyException { 
if (value == null || value.length() == 0) return; try { if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type,value)); + gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { FreshestCRLExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(locale,info); + populate(locale, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) { return null; 
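Review bot: `addIssuer` only logs `IOException` and `GeneralNamesException` through `CMS.debug` and then returns normally, whereas `addCRLPoint` just above rethrows both as `EPropertyException`. A malformed issuer name therefore silently produces a distribution point with no cRLIssuer, and the certificate template differs from what the profile or agent asked for without any error reaching the caller. I would make the two helpers agree by adding `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));` to both catch blocks in `addIssuer`. The `getValue` method that follows runs past the end of this hunk.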
@@ -379,10 +374,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) return ""; @@ -395,7 +390,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -404,10 +399,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } recs.addElement(pairs); } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -424,7 +419,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -495,8 +490,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -505,7 +500,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(request); if (ext == null) 
@@ -519,14 +514,14 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); + ext.setCritical(critical); num = getNumPoints(); for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); String issuerName = getConfig(CONFIG_ISSUER_NAME + i); @@ -537,12 +532,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(getLocale(request), cdp, issuerType, issuerName); - ext.addPoint(cdp); + ext.addPoint(cdp); } } } catch (Exception e) { CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + e.toString()); } return ext; @@ -552,7 +547,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(locale); if (ext == null) @@ -589,7 +584,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } catch (Exception e) { CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java index 4051f31a4..1797091b7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
-
 import java.util.Locale;
 import netscape.security.util.DerOutputStream;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
-
 /**
 * This class implements an enrollment default policy
 * that populates a Netscape comment extension
 * into the certificate template.
- *
+ *
 * @version $Revision$, $Date$
 */
 public class GenericExtDefault extends EnrollExtDefault {
@@ -62,13 +60,13 @@ public class GenericExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(CONFIG_OID)) {
@@ -86,7 +84,7 @@ public class GenericExtDefault extends EnrollExtDefault {
 public IDescriptor getValueDescriptor(Locale locale, String name) {
 if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(VAL_DATA)) {
@@ -99,13 +97,13 @@ public class GenericExtDefault extends EnrollExtDefault {
 }
 public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
 try {
 Extension ext = null;
 if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
@@ -114,28 +112,28 @@ public class GenericExtDefault extends EnrollExtDefault {
 ext = (Extension) getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
 }
 if (name.equals(VAL_CRITICAL)) {
 ext = (Extension) getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
 return;
 }
 boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_DATA)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DATA)) {
 ext = (Extension) getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
 return;
 }
 byte data[] = getBytes(value);
- ext.setExtensionValue(data);
+ ext.setExtensionValue(data);
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
@@ -146,12 +144,12 @@ public class GenericExtDefault extends EnrollExtDefault {
 }
 public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
 Extension ext = null;
 if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
@@ -160,14 +158,13 @@ public class GenericExtDefault extends EnrollExtDefault {
 ext = (Extension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
 try {
- populate(null,info);
+ populate(null, info);
 } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 }
@@ -185,7 +182,7 @@ public class GenericExtDefault extends EnrollExtDefault {
 } else {
 return "false";
 }
- } else if (name.equals(VAL_DATA)) {
+ } else if (name.equals(VAL_DATA)) {
 ext = (Extension) getExtension(oid.toString(), info);
@@ -197,17 +194,17 @@ public class GenericExtDefault extends EnrollExtDefault {
 if (data == null) return "";
-
+
 return toStr(data);
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 public String getText(Locale locale) {
 String params[] = {
- getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_CRITICAL),
 getConfig(CONFIG_OID), getConfig(CONFIG_DATA) };
@@ -218,10 +215,10 @@ public class GenericExtDefault extends EnrollExtDefault {
 public String toStr(byte data[]) {
 StringBuffer b = new StringBuffer();
 for (int i = 0; i < data.length; i++) {
- if ((data[i] & 0xff) < 16) {
- b.append("0");
- }
- b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+ if ((data[i] & 0xff) < 16) {
+ b.append("0");
+ }
+ b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
 }
 return b.toString();
 }
@@ -230,14 +227,14 @@ public class GenericExtDefault extends EnrollExtDefault {
 * Populates the request with this policy default.
 */
 public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
 Extension ext = createExtension(request);
 addExtension(ext.getExtensionId().toString(), ext, info);
 }
 public Extension createExtension(IRequest request) {
- Extension ext = null;
+ Extension ext = null;
 try {
 boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -250,13 +247,13 @@ public class GenericExtDefault extends EnrollExtDefault {
 data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
 }
- DerOutputStream out = new DerOutputStream();
+ DerOutputStream out = new DerOutputStream();
 out.putOctetString(data);
 ext = new Extension(oid, critical, out.toByteArray());
 } catch (Exception e) {
- CMS.debug("GenericExtDefault: createExtension " +
- e.toString());
+ CMS.debug("GenericExtDefault: createExtension " +
+ e.toString());
 }
 return ext;
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
index 5bb8abd49..16a7ac402 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
-
 import java.util.Locale;
 import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
-
 /**
 * This class implements an enrollment default policy
 * that shows an image in the approval page.
- *
+ *
 * @version $Revision$, $Date$
 */
 public class ImageDefault extends EnrollDefault {
@@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
@@ -68,12 +66,12 @@ public class ImageDefault extends EnrollDefault {
 }
 public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
 }
 public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
+ throws EPropertyException {
 if (name == null) {
 throw new EPropertyException(CMS.getUserMessage(
@@ -89,19 +87,19 @@ public class ImageDefault extends EnrollDefault {
 }
 public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
 return null;
 }
 public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" );
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
 }
 /**
 * Populates the request with this policy default.
 */
 public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
 }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index c6bbc7f78..97cfb3ff4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
-
 import java.math.BigInteger;
 import java.util.Locale;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
-
 /**
 * This class implements an inhibit Any-Policy extension
- *
+ *
 * @version $Revision$, $Date$
 */
 public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
@@ -61,31 +59,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_CRITICAL)) {
 return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.startsWith(CONFIG_SKIP_CERTS)) {
 return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
 } else {
 return null;
 }
 }
 public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
 if (name.equals(CONFIG_SKIP_CERTS)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
 throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
- }
+ }
 }
 super.setConfig(name, value);
 }
@@ -93,36 +91,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 public IDescriptor getValueDescriptor(Locale locale, String name) {
 if (name.equals(VAL_CRITICAL)) {
 return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(VAL_SKIP_CERTS)) {
 return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
 } else {
 return null;
 }
 }
 public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
 try {
 InhibitAnyPolicyExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
- if(ext == null) {
- populate(null,info);
- }
+ if (ext == null) {
+ populate(null, info);
+ }
 if (name.equals(VAL_CRITICAL)) {
 ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
 if (ext == null) {
 // it is ok, the extension is never populated or delted
@@ -133,7 +131,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 ext.setCritical(critical);
 } else if (name.equals(VAL_SKIP_CERTS)) {
 ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
 if (ext == null) {
 // it is ok, the extension is never populated or delted
@@ -150,48 +148,47 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 BigInteger l = new BigInteger(value);
 num = new BigInt(l);
 } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 ext = new InhibitAnyPolicyExtension(critical,
- num);
+ num);
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
 } catch (EProfileException e) {
 CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
 if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 InhibitAnyPolicyExtension ext =
- (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ (InhibitAnyPolicyExtension)
+ getExtension(InhibitAnyPolicyExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
 try {
- populate(null,info);
+ populate(null, info);
 } catch (EProfileException e) {
 throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 if (name.equals(VAL_CRITICAL)) {
 ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
 if (ext == null) {
 return null;
@@ -203,17 +200,17 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 }
 } else if (name.equals(VAL_SKIP_CERTS)) {
 ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
 if (ext == null) {
 return null;
 }
 BigInt n = ext.getSkipCerts();
- return ""+n.toInt();
+ return "" + n.toInt();
 } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
 }
 /*
@@ -221,20 +218,20 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 * a profile
 */
 public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer();
 sb.append(SKIP_CERTS + ":");
 sb.append(getConfig(CONFIG_SKIP_CERTS));
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
 }
 /**
 * Populates the request with this policy default.
 */
 public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
 InhibitAnyPolicyExtension ext = null;
 ext = createExtension(request);
@@ -242,7 +239,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 }
 public InhibitAnyPolicyExtension createExtension(IRequest request)
- throws EProfileException {
+ throws EProfileException {
 InhibitAnyPolicyExtension ext = null;
 boolean critical = Boolean.valueOf(
@@ -259,7 +256,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 val = new BigInt(b);
 } catch (NumberFormatException e) {
 throw new EProfileException(
- CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
+ CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
 }
 try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
index 8f8837ebd..e0f044351 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
-
 /**
 * This class implements an enrollment default policy
 * that populates a issuer alternative name extension
 * into the certificate template.
- *
+ *
 * @version $Revision$, $Date$
 */
 public class IssuerAltNameExtDefault extends EnrollExtDefault {
@@ -67,25 +65,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(CONFIG_TYPE)) {
 return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
 } else if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
 null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
 } else {
 return null;
 }
@@ -93,11 +91,11 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 public IDescriptor getValueDescriptor(Locale locale, String name) {
 if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
 null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
 } else {
@@ -106,13 +104,13 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 }
 public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
 try {
 IssuerAlternativeNameExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
@@ -120,20 +118,19 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
 try {
- populate(null,info);
+ populate(null, info);
 } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 }
-
+
 if (name.equals(VAL_CRITICAL)) {
- ext =
+ ext =
 (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
@@ -145,7 +142,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 ext.setCritical(critical);
 } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
+ ext =
 (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
@@ -166,34 +163,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 GeneralNameInterface n = parseGeneralName(gname);
 if (n != null) {
- gn.addElement(n);
+ gn.addElement(n);
 }
 }
 ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 replaceExtension(
- PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ ext, info);
 } catch (IOException e) {
 CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 } catch (EProfileException e) {
 CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
 try {
 if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
@@ -201,23 +198,22 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 (IssuerAlternativeNameExtension) getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
 try {
- populate(null,info);
+ populate(null, info);
 } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext =
+ (IssuerAlternativeNameExtension)
+ getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 if (ext == null) {
 return null;
@@ -228,16 +224,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 return "false";
 }
 } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ ext =
+ (IssuerAlternativeNameExtension)
+ getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ if (ext == null) {
 return "";
 }
 GeneralNames names = (GeneralNames)
- ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
+ ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
 StringBuffer sb = new StringBuffer();
 Enumeration e = names.elements();
@@ -246,17 +241,17 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 if (!sb.toString().equals("")) {
 sb.append("\r\n");
- }
+ }
 sb.append(toGeneralNameString(gn));
 }
 return sb.toString();
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 } catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: getValue " +
- e.toString());
+ CMS.debug("IssuerAltNameExtDefault: getValue " +
+ e.toString());
 }
 return null;
 }
@@ -275,7 +270,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 * Populates the request with this policy default.
 */
 public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
 IssuerAlternativeNameExtension ext = null;
 try {
@@ -284,35 +279,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 } catch (IOException e) {
 CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
 }
- addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ ext, info);
 }
- public IssuerAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- IssuerAlternativeNameExtension ext = null;
+ public IssuerAlternativeNameExtension createExtension(IRequest request)
+ throws IOException {
+ IssuerAlternativeNameExtension ext = null;
 try {
 ext = new IssuerAlternativeNameExtension();
 } catch (Exception e) {
 CMS.debug(e.toString());
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
 }
 boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
+ getConfig(CONFIG_CRITICAL)).booleanValue();
 String pattern = getConfig(CONFIG_PATTERN);
 if (!pattern.equals("")) {
- GeneralNames gn = new GeneralNames();
+ GeneralNames gn = new GeneralNames();
 String gname = "";
- if(request != null) {
+ if (request != null) {
 gname = mapPattern(request, pattern);
 }
 gn.addElement(parseGeneralName(
- getConfig(CONFIG_TYPE) + ":" + gname));
+ getConfig(CONFIG_TYPE) + ":" + gname));
 ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
 }
 ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
index c8ed92810..1bfda9ad9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
-
 import java.io.IOException;
 import java.util.Locale;
@@ -34,25 +33,24 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
-
 /**
 * This class implements an enrollment default policy
 * that populates a Key Usage extension
 * into the certificate template.
- *
+ *
 * @version $Revision$, $Date$
 */
 public class KeyUsageExtDefault extends EnrollExtDefault {
 public static final String CONFIG_CRITICAL = "keyUsageCritical";
- public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String CONFIG_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
 public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
 public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
 public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -60,14 +58,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
 public static final String VAL_CRITICAL = "keyUsageCritical";
- public static final String VAL_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String VAL_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String VAL_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String VAL_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String VAL_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String VAL_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String VAL_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String VAL_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
 public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
 public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
 public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
@@ -100,21 +98,21 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
 } else if (name.equals(CONFIG_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
 } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
@@ -152,15 +150,15 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 public IDescriptor getValueDescriptor(Locale locale, String name) {
 if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
 } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
 } else if (name.equals(VAL_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
 "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
 } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
@@ -197,158 +195,157 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 }
 public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
 try {
 KeyUsageExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
 }
-
+
 if (name.equals(VAL_CRITICAL)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
 return;
 }
 ext.setCritical(val);
- } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
 } else if (name.equals(VAL_NON_REPUDIATION)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.NON_REPUDIATION, val);
 } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
 } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
 } else if (name.equals(VAL_KEY_AGREEMENT)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
 } else if (name.equals(VAL_KEY_CERTSIGN)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
 } else if (name.equals(VAL_CRL_SIGN)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.CRL_SIGN, val);
 } else if (name.equals(VAL_ENCIPHER_ONLY)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
 } else if (name.equals(VAL_DECIPHER_ONLY)) {
 ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
 return;
 }
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
 ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
 } else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
 } catch (IOException e) {
 CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 } catch (EProfileException e) {
 CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
 try {
 if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
 locale, "CMS_INVALID_PROPERTY", name));
 }
 KeyUsageExtension ext = (KeyUsageExtension) getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
 try {
- populate(null,info);
+ populate(null, info);
 } catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
 }
 }
 if (name.equals(VAL_CRITICAL)) {
 ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 if (ext == null) {
 return null;
@@ -360,117 +357,117 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); + ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); return val.toString(); } else if (name.equals(VAL_NON_REPUDIATION)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.NON_REPUDIATION); + ext.get(KeyUsageExtension.NON_REPUDIATION); return val.toString(); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); + ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); + ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_KEY_AGREEMENT)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_AGREEMENT); + ext.get(KeyUsageExtension.KEY_AGREEMENT); return val.toString(); } else if (name.equals(VAL_KEY_CERTSIGN)) { ext = 
(KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_CERTSIGN); + ext.get(KeyUsageExtension.KEY_CERTSIGN); return val.toString(); } else if (name.equals(VAL_CRL_SIGN)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.CRL_SIGN); + ext.get(KeyUsageExtension.CRL_SIGN); return val.toString(); } else if (name.equals(VAL_ENCIPHER_ONLY)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.ENCIPHER_ONLY); + ext.get(KeyUsageExtension.ENCIPHER_ONLY); return val.toString(); } else if (name.equals(VAL_DECIPHER_ONLY)) { ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) - ext.get(KeyUsageExtension.DECIPHER_ONLY); + ext.get(KeyUsageExtension.DECIPHER_ONLY); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - 
getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_DIGITAL_SIGNATURE), + getConfig(CONFIG_NON_REPUDIATION), + getConfig(CONFIG_KEY_ENCIPHERMENT), + getConfig(CONFIG_DATA_ENCIPHERMENT), + getConfig(CONFIG_KEY_AGREEMENT), + getConfig(CONFIG_KEY_CERTSIGN), + getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_ENCIPHER_ONLY), getConfig(CONFIG_DECIPHER_ONLY) }; @@ -482,14 +479,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { KeyUsageExtension ext = createKeyUsageExtension(); addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } public KeyUsageExtension createKeyUsageExtension() { - KeyUsageExtension ext = null; + KeyUsageExtension ext = null; boolean[] bits = new boolean[KeyUsageExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -506,8 +503,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault { try { ext = new KeyUsageExtension(critical, bits); } catch (Exception e) { - CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + - e.toString()); + CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java index 01e92d6a7..cc96f3e90 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; 
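Review bot: `populate()` in the `@@ -482,14 +479,14 @@` hunk passes the result of `createKeyUsageExtension()` straight to `addExtension()`, but the catch block in the following hunk only logs with `CMS.debug` and returns `ext`, which is still `null` at that point. A construction failure is therefore never reported as an `EProfileException`. What `addExtension()` does with a null extension is not visible here, so the template may end up without a Key Usage extension or fail later with a less useful error. I would fail closed in `populate()`: `if (ext == null) { throw new EProfileException("KeyUsageExtDefault: cannot create extension"); }`. The same pattern appears in `NSCCommentExtDefault.populate()`, where `ext.getExtensionId()` would throw a NullPointerException, and in `NSCertTypeExtDefault.populate()`; `createKeyUsageExtension()` continues outside the hunk.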
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a Netscape comment extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class NSCCommentExtDefault extends EnrollExtDefault { @@ -60,13 +58,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_COMMENT)) { @@ -80,7 +78,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_COMMENT)) { @@ -93,13 +91,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } 
@@ -108,8 +106,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -118,27 +116,27 @@ public class NSCCommentExtDefault extends EnrollExtDefault { getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_COMMENT)) { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } boolean critical = ext.isCritical(); if (value == null || value.equals("")) ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); + // throw new EPropertyException(name+" cannot be empty"); else ext = new NSCCommentExtension(critical, value); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -151,12 +149,12 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } 
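Review bot: The `VAL_CRITICAL` branch in the `@@ -118,27 +116,27 @@` hunk parses the submitted value with `Boolean.valueOf(value)`, which yields false for null and for any string other than "true", so a mistyped or empty value silently sets the critical flag to false instead of being rejected. Because this flag changes how relying parties treat the extension, I would validate first: `if (!"true".equalsIgnoreCase(value) && !"false".equalsIgnoreCase(value)) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); }`. The same parsing is used for the per-bit values in `NSCertTypeExtDefault.setValue()` and for `VAL_CRITICAL` in `NameConstraintsExtDefault.setValue()`. `setValue()` starts and ends outside this hunk.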
@@ -165,14 +163,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault { ext = (NSCCommentExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -190,7 +187,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_COMMENT)) { + } else if (name.equals(VAL_COMMENT)) { ext = (NSCCommentExtension) getExtension(oid.toString(), info); @@ -202,17 +199,17 @@ public class NSCCommentExtDefault extends EnrollExtDefault { if (comment == null) comment = ""; - + return comment; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_COMMENT) }; @@ -223,14 +220,14 @@ public class NSCCommentExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCCommentExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; + NSCCommentExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); 
@@ -241,8 +238,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault { else ext = new NSCCommentExtension(critical, comment); } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + - e.toString()); + CMS.debug("NSCCommentExtension: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java index e3438ccf6..0677ef69f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.security.cert.CertificateException; import java.util.Locale; @@ -33,12 +32,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a Netscape Certificate Type extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class NSCertTypeExtDefault extends EnrollExtDefault { @@ -83,11 +81,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", 
@@ -127,7 +125,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SSL_CLIENT)) { @@ -135,7 +133,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(VAL_EMAIL)) { @@ -155,7 +153,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { @@ -164,8 +162,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NSCertTypeExtension ext = null; @@ -174,12 +172,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { locale, "CMS_INVALID_PROPERTY", name)); } - ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { 
@@ -187,69 +184,69 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { getExtension(NSCertTypeExtension.CertType_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return ; + if (ext == null) { + return; } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_SSL_CLIENT)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { + } else if (name.equals(VAL_SSL_SERVER)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { + } else if (name.equals(VAL_EMAIL)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { + } else if (name.equals(VAL_OBJECT_SIGNING)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { + } else if (name.equals(VAL_SSL_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { + } else if 
(name.equals(VAL_EMAIL_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) { - return ; + if (ext == null) { + return; } Boolean val = Boolean.valueOf(value); @@ -266,31 +263,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } NSCertTypeExtension ext = (NSCertTypeExtension) getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; 
@@ -300,63 +296,63 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_SSL_CLIENT)) { + } else if (name.equals(VAL_SSL_CLIENT)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { + } else if (name.equals(VAL_SSL_SERVER)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); return val.toString(); - } else if (name.equals(VAL_EMAIL)) { + } else if (name.equals(VAL_EMAIL)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { + } else if (name.equals(VAL_OBJECT_SIGNING)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { + } else if (name.equals(VAL_SSL_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { + } else if 
(name.equals(VAL_EMAIL_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } @@ -364,7 +360,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (CertificateException e) { @@ -375,13 +371,13 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), + getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), + getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), + getConfig(CONFIG_EMAIL_CA), getConfig(CONFIG_OBJECT_SIGNING_CA) }; 
@@ -393,14 +389,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCertTypeExtension ext = createExtension(); addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); } public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; + NSCertTypeExtension ext = null; boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -415,8 +411,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { try { ext = new NSCertTypeExtension(critical, bits); } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + - e.toString()); + CMS.debug("NSCertTypeExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java index 065b30444..45db35767 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -41,25 +40,24 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a name constraint extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class NameConstraintsExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = - "nameConstraintsNumPermittedSubtrees"; + public static final String CONFIG_NUM_PERMITTED_SUBTREES = + "nameConstraintsNumPermittedSubtrees"; public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - + public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; @@ -87,7 +85,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); 
@@ -128,41 +126,40 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { + } + } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { try { - num = Integer.parseInt(value); + num = Integer.parseInt(value); - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } + } } super.setConfig(name, value); } - public Enumeration<String> getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -203,50 +200,49 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, 
"CMS_PROFILE_EXCLUDED_MAX_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { @@ -255,23 +251,23 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); } else { 
@@ -280,21 +276,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { NameConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { @@ -302,19 +298,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext.setCritical(val); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + + CMS.debug("NameConstraintsExtDefault:setValue : " + "blank value for permitted subtrees ... returning"); return; } 
@@ -323,17 +319,17 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector permittedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); + ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, + new GeneralSubtrees(permittedSubtrees)); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) { + if (ext == null) { return; } if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + + CMS.debug("NameConstraintsExtDefault:setValue : " + "blank value for excluded subtrees ... returning"); return; } @@ -341,21 +337,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector excludedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); + ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, + new GeneralSubtrees(excludedSubtrees)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -385,16 +381,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else if (name1.equals(MAX_VALUE)) { maxS = nvps.getValue(name1); } - } + } if (choice == null || choice.length() == 0) { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - + if (val == null) val = ""; - + int min = 0; int max = -1; @@ -410,7 +406,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { gnI = parseGeneralName(choice + ":" + val); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: createSubtress " + - e.toString()); + e.toString()); } if (gnI != null) { @@ -423,32 +419,31 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { gn, min, max); subtrees.addElement(subtree); - } + } return subtrees; } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { NameConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -465,7 +460,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); 
@@ -475,19 +470,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) + subtrees = (GeneralSubtrees) ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { + } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { ext = (NameConstraintsExtension) getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); 
@@ -497,26 +492,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) + subtrees = (GeneralSubtrees) ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if( subtrees == null ) { - CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" ); - throw new EPropertyException( "subtrees is null" ); + if (subtrees == null) { + CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); + throw new EPropertyException("subtrees is null"); } return getSubtreesInfo(ext, subtrees); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { + private String getSubtreesInfo(NameConstraintsExtension ext, + GeneralSubtrees subtrees) throws EPropertyException { Vector trees = subtrees.getSubtrees(); int size = trees.size(); @@ -526,8 +521,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); + String type = getGeneralNameType(gn); + int max = tree.getMaxValue(); int min = tree.getMinValue(); NameValuePairs pairs = new NameValuePairs(); @@ -540,7 +535,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } - + return buildRecords(recs); } 
@@ -583,8 +578,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -592,14 +587,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NameConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; + NameConstraintsExtension ext = null; try { int num = getNumPermitted(); @@ -637,18 +632,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } } - ext = new NameConstraintsExtension(critical, + ext = new NameConstraintsExtension(critical, new GeneralSubtrees(v), new GeneralSubtrees(v1)); } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("NameConstraintsExtDefault: createExtension " + + e.toString()); } return ext; } - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { + private GeneralSubtree createSubtree(String choice, String value, + String minS, String maxS) { GeneralName gn = null; GeneralNameInterface gnI = null; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java index 283f50833..8197d3de4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements no default policy. - * + * * @version $Revision$, $Date$ */ -public class NoDefault implements IPolicyDefault { +public class NoDefault implements IPolicyDefault { public static final String PROP_NAME = "name"; @@ -55,7 +53,7 @@ public class NoDefault implements IPolicyDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getDefaultConfig(String name) { @@ -67,7 +65,7 @@ public class NoDefault implements IPolicyDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -79,7 +77,7 @@ public class NoDefault implements IPolicyDefault { * Populates the request with this policy default. */ public void populate(IRequest request) - throws EProfileException { + throws EProfileException { } public Enumeration getValueNames() { @@ -90,9 +88,9 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java index 28a25a6e5..382f3cec3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java 
+++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.extensions.OCSPNoCheckExtension; @@ -32,12 +31,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates an OCSP No Check extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class OCSPNoCheckExtDefault extends EnrollExtDefault { @@ -53,13 +51,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { @@ -69,7 +67,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { 
@@ -78,70 +76,67 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, info); - - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + getExtension(OCSPNoCheckExtension.OID, info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { - return; + if (ext == null) { + return; } ext.setCritical(val); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new 
EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); + getExtension(OCSPNoCheckExtension.OID, info); if (ext == null) { return null; @@ -152,7 +147,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { return "false"; } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -166,20 +161,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { OCSPNoCheckExtension ext = createExtension(); addExtension(OCSPNoCheckExtension.OID, ext, info); } public OCSPNoCheckExtension createExtension() { - OCSPNoCheckExtension ext = null; + OCSPNoCheckExtension ext = null; try { ext = new OCSPNoCheckExtension(); } catch (Exception e) { CMS.debug("OCSPNoCheckExtDefault: createExtension " + - e.toString()); + e.toString()); return null; } boolean critical = getConfigBoolean(CONFIG_CRITICAL); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java index 9a36f0cd8..db9b95a04 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; 
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a policy constraints extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class PolicyConstraintsExtDefault extends EnrollExtDefault { @@ -64,17 +62,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) { @@ -87,11 +85,11 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, + return new Descriptor(IDescriptor.INTEGER, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { 
@@ -103,104 +101,103 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PolicyConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyConstraintsExtension) getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext.setCritical(val); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if(ext == null) { + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); + + if (ext == null) { return; - } + } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.REQUIRE, num); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { + } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); - if(ext == null) { + if (ext == null) { return; } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.INHIBIT, num); } else { - throw new EPropertyException(CMS.getUserMessage( + throw 
new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PolicyConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyConstraintsExtension) getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) { return null; 
@@ -210,10 +207,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -223,8 +220,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -233,15 +230,15 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_REQ_EXPLICIT_POLICY), + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_REQ_EXPLICIT_POLICY), getConfig(CONFIG_INHIBIT_POLICY_MAPPING) }; @@ -252,17 +249,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyConstraintsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + ext, info); } public PolicyConstraintsExtension createExtension() { - PolicyConstraintsExtension ext = null; + PolicyConstraintsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); 
@@ -281,8 +278,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum); } catch (Exception e) { - CMS.debug("PolicyConstraintsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyConstraintsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java index 19bfb3615..f8fcfe15a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a policy mappings extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class PolicyMappingsExtDefault extends EnrollExtDefault { 
@@ -85,27 +83,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_MAPPINGS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_MAPPINGS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } } super.setConfig(name, value); } @@ -132,7 +130,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", @@ -151,8 +149,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) { return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); } return null; 
@@ -160,7 +158,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DOMAINS)) { @@ -172,43 +170,43 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyMappingsExtension) getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_DOMAINS)) { + ext.setCritical(val); + } else if (name.equals(VAL_DOMAINS)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if(ext == null) { + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); + + if (ext == null) { return; - } + } Vector v = parseRecords(value); int size = v.size(); 
@@ -232,12 +230,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { enable = nvps.getValue(name1); } } - + if (enable != null && enable.equals("true")) { - if (issuerPolicyId == null || - issuerPolicyId.length() == 0 || subjectPolicyId == null || - subjectPolicyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( + if (issuerPolicyId == null || + issuerPolicyId.length() == 0 || subjectPolicyId == null || + subjectPolicyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); CertificatePolicyMap map = new CertificatePolicyMap( new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)), 
@@ -248,52 +246,51 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } ext.set(PolicyMappingsExtension.MAP, policyMaps); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (PolicyMappingsExtension) getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - if(ext == null) - { + info); + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) { return null; 
@@ -303,10 +300,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DOMAINS)) { + } else if (name.equals(VAL_DOMAINS)) { ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) return ""; @@ -314,7 +311,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { int num_mappings = getNumMappings(); Enumeration maps = ext.getMappings(); - + int num = 0; StringBuffer sb = new StringBuffer(); @@ -323,12 +320,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { for (int i = 0; i < num_mappings; i++) { NameValuePairs pairs = new NameValuePairs(); - if (maps.hasMoreElements()) { - CertificatePolicyMap map = - (CertificatePolicyMap) maps.nextElement(); - + if (maps.hasMoreElements()) { + CertificatePolicyMap map = + (CertificatePolicyMap) maps.nextElement(); + CertificatePolicyId i1 = map.getIssuerIdentifier(); - CertificatePolicyId s1 = map.getSubjectIdentifier(); + CertificatePolicyId s1 = map.getSubjectIdentifier(); pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString()); pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString()); @@ -337,14 +334,14 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { pairs.add(ISSUER_POLICY_ID, ""); pairs.add(SUBJECT_POLICY_ID, ""); pairs.add(POLICY_ID_ENABLE, "false"); - + } recs.addElement(pairs); - } - + } + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -368,8 +365,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -377,24 +374,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyMappingsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); + addExtension(PKIXExtensions.PolicyMappings_Id.toString(), + ext, info); } public PolicyMappingsExtension createExtension() { - PolicyMappingsExtension ext = null; + PolicyMappingsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector policyMaps = new Vector(); int num = getNumMappings(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { @@ -420,8 +417,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { ext = new PolicyMappingsExtension(critical, policyMaps); } catch (Exception e) { - CMS.debug("PolicyMappingsExtDefault: createExtension " + - e.toString()); + CMS.debug("PolicyMappingsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java index f1a71ff98..20285567e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.Date; @@ -37,12 +36,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a Private Key Usage Period extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { @@ -70,13 +68,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_START_TIME)) { 
@@ -93,28 +91,28 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } else if (name.equals(CONFIG_DURATION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_DURATION)); - } + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_NOT_BEFORE)) { @@ -131,13 +129,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -146,8 +144,8 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } if (name.equals(VAL_CRITICAL)) { 
@@ -156,38 +154,38 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + ext.setCritical(val); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_AFTER, date); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -200,12 +198,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } 
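Review bot: In the VAL_NOT_BEFORE and VAL_NOT_AFTER branches of setValue, `formatter.parse(value, pos)` returns null when `value` does not match DATE_FORMAT, and that result is passed to `ext.set(...)` without a check. What `PrivateKeyUsageExtension.set` does with a null date is not visible here, but a malformed date should be rejected up front rather than risk an extension without the intended bound. After each parse I would add `if (date == null) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. setValue begins and ends outside this hunk.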
@@ -214,14 +212,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -239,9 +236,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); @@ -250,9 +247,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { return ""; return formatter.format(ext.getNotBefore()); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); @@ -262,14 +259,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { return formatter.format(ext.getNotAfter()); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { String params[] = { - getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_START_TIME), getConfig(CONFIG_DURATION) }; 
@@ -281,14 +278,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PrivateKeyUsageExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public PrivateKeyUsageExtension createExtension() { - PrivateKeyUsageExtension ext = null; + PrivateKeyUsageExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -296,12 +293,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + - (1000 * startTime)); + if (startTimeStr == null || startTimeStr.equals("")) { + startTimeStr = "60"; + } + int startTime = Integer.parseInt(startTimeStr); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; notAfterVal = notBefore.getTime() + @@ -309,10 +306,10 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { Date notAfter = new Date(notAfterVal); ext = new PrivateKeyUsageExtension(notBefore, notAfter); - ext.setCritical(critical); + ext.setCritical(critical); } catch (Exception e) { - CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + - e.toString()); + CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java index 4bca93503..11da93fc8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java 
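Review bot: populate() dereferences `ext.getExtensionId()` without a null check, yet createExtension() returns null whenever its `catch (Exception e)` fires, because that handler only logs. A bad startTime or duration in the profile configuration therefore surfaces as a NullPointerException; the getValue caller shown earlier in this file catches only EProfileException. PolicyMappingsExtDefault.populate guards the same case with `if (ext == null) return;`. Here I would fail closed with `if (ext == null) throw new EProfileException("PrivateKeyUsagePeriodExtDefault: cannot create extension");` before the addExtension call.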
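Review bot: In createExtension, `(1000 * startTime)` is evaluated in int arithmetic before it is added to the long timestamp. Any configured start time above 2147483 seconds (about 24.8 days) wraps and can put notBefore in the past. setConfig only checks that the value parses as an int, so such a value is accepted. Use `1000L * startTime`, and consider rejecting negative values in setConfig. The duration term continues outside this hunk and may need the same treatment.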
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.AlgorithmId; @@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a signing algorithm * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class SigningAlgDefault extends EnrollDefault { @@ -47,8 +45,8 @@ public class SigningAlgDefault extends EnrollDefault { public static final String CONFIG_ALGORITHM = "signingAlg"; public static final String VAL_ALGORITHM = "signingAlg"; - public static final String DEF_CONFIG_ALGORITHMS = - "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; + public static final String DEF_CONFIG_ALGORITHMS = + "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; public SigningAlgDefault() { super(); @@ -57,7 +55,7 @@ public class SigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
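Review bot: DEF_CONFIG_ALGORITHMS still offers `MD5withRSA` and `MD2withRSA`, and also `SHA1withRSA`, as selectable certificate signing algorithms. MD2 and MD5 are collision-broken and SHA-1 is deprecated for certificate signatures, so a default list should not present them. How the constant is consumed lies outside this hunk, but if it feeds the profile's choice list I would reduce it to `"-,SHA256withRSA,SHA512withRSA"`. At minimum, add a comment that the legacy entries exist only for compatibility.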
@@ -68,41 +66,39 @@ public class SigningAlgDefault extends EnrollDefault { CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; - } + } } - public String getSigningAlg() - { - String signingAlg = getConfig(CONFIG_ALGORITHM); - // if specified, use the specified one. Otherwise, pick - // the best selection for the user - if (signingAlg == null || signingAlg.equals("") || - signingAlg.equals("-")) { - // best pick for the user - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - return ca.getDefaultAlgorithm(); - } else { - return signingAlg; - } + public String getSigningAlg() { + String signingAlg = getConfig(CONFIG_ALGORITHM); + // if specified, use the specified one. Otherwise, pick + // the best selection for the user + if (signingAlg == null || signingAlg.equals("") || + signingAlg.equals("-")) { + // best pick for the user + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + return ca.getDefaultAlgorithm(); + } else { + return signingAlg; + } } - public String getDefSigningAlgorithms() - { - StringBuffer allowed = new StringBuffer(); - ICertificateAuthority ca = (ICertificateAuthority) + public String getDefSigningAlgorithms() { + StringBuffer allowed = new StringBuffer(); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); - String algos[] = ca.getCASigningAlgorithms(); - for (int i = 0; i < algos.length; i++) { - if (allowed.length()== 0) { - allowed.append(algos[i]); - } else { - allowed.append(","); - allowed.append(algos[i]); + String algos[] = ca.getCASigningAlgorithms(); + for (int i = 0; i < algos.length; i++) { + if (allowed.length() == 0) { + allowed.append(algos[i]); + } else { + allowed.append(","); + allowed.append(algos[i]); + } } - } - return allowed.toString(); - } + return allowed.toString(); + } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALGORITHM)) { 
@@ -115,31 +111,31 @@ public class SigningAlgDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_ALGORITHM)) { try { info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(value))); + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId(value))); } catch (Exception e) { CMS.debug("SigningAlgDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); 
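Review bot: setValue passes the caller-supplied `value` straight to `AlgorithmId.getAlgorithmId(value)` and writes it into the certificate template. Any algorithm name that class recognises is accepted, including ones the CA does not list in getDefSigningAlgorithms(). A profile constraint elsewhere may restrict this, but nothing in this method does. I would check membership first, for example `if (!java.util.Arrays.asList(getDefSigningAlgorithms().split(",")).contains(value)) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`.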
@@ -151,23 +147,23 @@ public class SigningAlgDefault extends EnrollDefault { algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); + algId.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("SigningAlgDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", getSigningAlg()); } @@ -175,11 +171,11 @@ public class SigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(getSigningAlg()))); + new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId(getSigningAlg()))); } catch (Exception e) { CMS.debug("SigningAlgDefault: populate " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index 64d822e8f..c40836518 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -43,12 +42,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a subject alternative name extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class SubjectAltNameExtDefault extends EnrollExtDefault { 
@@ -91,70 +89,69 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (num >= MAX_NUM_GN) - num = DEF_NUM_GN; + num = DEF_NUM_GN; return num; } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { - super.init(profile,config); - refreshConfigAndValueNames(); + super.init(profile, config); + refreshConfigAndValueNames(); // migrate old parameters to new parameters String old_type = null; String old_pattern = null; IConfigStore paramConfig = config.getSubStore("params"); try { - if (paramConfig != null) { - old_type = paramConfig.getString(CONFIG_OLD_TYPE); - } + if (paramConfig != null) { + old_type = paramConfig.getString(CONFIG_OLD_TYPE); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + old_type); try { - if (paramConfig != null) { - old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); - } + if (paramConfig != null) { + old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + old_pattern); - if (old_type != null && old_pattern != null) { - CMS.debug("SubjectAltNameExtDefault: Upgrading"); - try { - paramConfig.putString(CONFIG_NUM_GNS, "1"); - paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); - paramConfig.putString(CONFIG_TYPE + "0", old_type); - paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); - paramConfig.remove(CONFIG_OLD_TYPE); - paramConfig.remove(CONFIG_OLD_PATTERN); - profile.getConfigStore().commit(true); - } catch (Exception e) { - CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); - } + if (old_type != null && old_pattern != null) { + CMS.debug("SubjectAltNameExtDefault: Upgrading"); + try { + paramConfig.putString(CONFIG_NUM_GNS, "1"); + paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); + 
paramConfig.putString(CONFIG_TYPE + "0", old_type); + paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); + paramConfig.remove(CONFIG_OLD_TYPE); + paramConfig.remove(CONFIG_OLD_PATTERN); + profile.getConfigStore().commit(true); + } catch (Exception e) { + CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); + } } } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_GNS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_GN || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_GN || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } } super.setConfig(name, value); } 
@@ -174,29 +171,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { int num = getNumGNs(); addConfigName(CONFIG_NUM_GNS); for (int i = 0; i < num; i++) { - addConfigName(CONFIG_TYPE + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_GN_ENABLE + i); + addConfigName(CONFIG_TYPE + i); + addConfigName(CONFIG_PATTERN + i); + addConfigName(CONFIG_GN_ENABLE + i); } } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); } else if (name.startsWith(CONFIG_GN_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE")); } else if (name.startsWith(CONFIG_NUM_GNS)) { 
@@ -210,11 +207,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -223,13 +220,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -237,12 +234,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) { - populate(null,info); - } + if (ext == null) { + populate(null, info); + } if (name.equals(VAL_CRITICAL)) { - ext = + ext = (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); @@ -254,7 +251,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = + ext = (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); 
@@ -279,41 +276,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } if (gn.size() == 0) { - CMS.debug("GN size is zero"); - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + CMS.debug("GN size is zero"); + deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); return; } else { - CMS.debug("GN size is non zero (" + gn.size() + ")"); - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + CMS.debug("GN size is non zero (" + gn.size() + ")"); + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } 
@@ -321,22 +318,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { (SubjectAlternativeNameExtension) getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; @@ -347,22 +343,22 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; } GeneralNames names = (GeneralNames) - ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); StringBuffer sb = new StringBuffer(); Enumeration e = names.elements(); while (e.hasMoreElements()) { Object o = (Object) e.nextElement(); if (!(o instanceof GeneralName)) - continue; + continue; GeneralName gn = (GeneralName) o; if (!sb.toString().equals("")) { 
@@ -373,12 +369,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: getValue " + - e.toString()); + CMS.debug("SubjectAltNameExtDefault: getValue " + + e.toString()); } return null; } @@ -392,20 +388,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { String numGNs = getConfig(CONFIG_NUM_GNS); int num = getNumGNs(); - for (int i= 0; i< num; i++) { + for (int i = 0; i < num; i++) { sb.append("Record #"); sb.append(i); sb.append("{"); sb.append(GN_PATTERN + ":"); sb.append(getConfig(CONFIG_PATTERN + i)); sb.append(","); - sb.append(GN_TYPE +":"); - sb.append(getConfig(CONFIG_TYPE +i)); + sb.append(GN_TYPE + ":"); + sb.append(getConfig(CONFIG_TYPE + i)); sb.append(","); sb.append(GN_ENABLE + ":"); sb.append(getConfig(CONFIG_GN_ENABLE + i)); sb.append("}"); - }; + } + ; return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -414,7 +411,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectAlternativeNameExtension ext = null; try { 
@@ -425,15 +422,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("SubjectAltNameExtDefault: populate " + e.toString()); } if (ext != null) { - addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } else { CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out"); } } public SubjectAlternativeNameExtension createExtension(IRequest request) - throws IOException { + throws IOException { SubjectAlternativeNameExtension ext = null; int num = getNumGNs(); @@ -442,11 +439,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { GeneralNames gn = new GeneralNames(); int count = 0; // # of actual gnames - for (int i=0; i< num; i++) { - String enable = getConfig(CONFIG_GN_ENABLE +i); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_GN_ENABLE + i); if (enable != null && enable.equals("true")) { - CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i); - + CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) { pattern = " "; 
@@ -457,28 +454,28 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // cfu - see if this is server-generated (e.g. UUID4) // to use this feature, use $server.source$ in pattern - String source = getConfig(CONFIG_SOURCE +i); + String source = getConfig(CONFIG_SOURCE + i); String type = getConfig(CONFIG_TYPE + i); if ((source != null) && (!source.equals(""))) { if (type.equalsIgnoreCase("OtherName")) { - CMS.debug("SubjectAlternativeNameExtension: using "+ - source+ " as gn"); + CMS.debug("SubjectAlternativeNameExtension: using " + + source + " as gn"); if (source.equals(CONFIG_SOURCE_UUID4)) { - UUID randUUID = UUID.randomUUID(); - // call the mapPattern that does server-side gen - // request is not used, but needed for the substitute - // function - gname = mapPattern(randUUID.toString(), request, pattern); + UUID randUUID = UUID.randomUUID(); + // call the mapPattern that does server-side gen + // request is not used, but needed for the substitute + // function + gname = mapPattern(randUUID.toString(), request, pattern); } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4"); - continue; + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4"); + continue; } } else { - CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); - continue; + CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); + continue; } } else { - if (request != null) { + if (request != null) { gname = mapPattern(request, pattern); } } 
@@ -487,11 +484,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("gname is empty, not added"); continue; } - CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname); + CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname); GeneralNameInterface n = parseGeneralName(type + ":" + gname); - CMS.debug("adding gname: "+gname); + CMS.debug("adding gname: " + gname); if (n != null) { CMS.debug("SubjectAlternativeNameExtension: n not null"); gn.addElement(n); @@ -500,26 +497,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("SubjectAlternativeNameExtension: n null"); } } - } + } } //for if (count != 0) { - try { - ext = new SubjectAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException( e.toString() ); - } - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - ext.setCritical(critical); + try { + ext = new SubjectAlternativeNameExtension(); + } catch (Exception e) { + CMS.debug(e.toString()); + throw new IOException(e.toString()); + } + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + ext.setCritical(critical); } else { - CMS.debug("count is 0"); - } + CMS.debug("count is 0"); + } return ext; } - public String mapPattern(IRequest request, String pattern) - throws IOException { + public String mapPattern(IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -529,8 +526,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } // for server-side generated values - public String mapPattern(String val, IRequest request, String pattern) - throws IOException { + public String mapPattern(String val, IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { 
@@ -539,7 +536,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { try { attrSet.set("source", val); } catch (Exception e) { - CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString()); + CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString()); } return p.substitute("server", attrSet); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java index 0259fb36e..ca361f6b8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java @@ -46,7 +46,7 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates a subject directory attributes extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { @@ -71,7 +71,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } 
@@ -95,26 +95,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(DEF_NUM_ATTRS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_ATTRS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_ATTRS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } } super.setConfig(name, value); } - public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); 
@@ -136,43 +135,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ATTRS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_ATTR)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, 
CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS")); } else { @@ -181,48 +180,46 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectDirAttributesExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_ATTR)) { + ext.setCritical(val); + } else if (name.equals(VAL_ATTR)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); - if(ext == null) - { + if (ext == null) { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); X500NameAttrMap map = X500NameAttrMap.getDefault(); Vector attrV = new Vector(); - for (int i=0; i < size; i++) { + for (int i = 0; i < size; i++) { NameValuePairs nvps = (NameValuePairs) v.elementAt(i); Enumeration names = nvps.getNames(); String attrName = null; 
@@ -241,8 +238,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } if (enable.equals("true")) { - AttributeConfig attributeConfig = - new AttributeConfig(attrName, attrValue); + AttributeConfig attributeConfig = + new AttributeConfig(attrName, attrValue); Attribute attr = attributeConfig.mAttribute; if (attr != null) attrV.addElement(attr); 
@@ -256,43 +253,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else return; } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { SubjectDirAttributesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) { return null; 
@@ -302,10 +299,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_ATTR)) { + } else if (name.equals(VAL_ATTR)) { ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) return ""; 
@@ -315,42 +312,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Vector recs = new Vector(); int num = getNumAttrs(); Enumeration e = ext.getAttributesList(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e); - int i=0; + CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e); + int i = 0; while (e.hasMoreElements()) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "true"); - Attribute attr = (Attribute)(e.nextElement()); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr); + Attribute attr = (Attribute) (e.nextElement()); + CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr); ObjectIdentifier oid = attr.getOid(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid); - + CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid); + String vv = map.getName(oid); - if (vv != null) + if (vv != null) pairs.add(ATTR_NAME, vv); else pairs.add(ATTR_NAME, oid.toString()); Enumeration v = attr.getValues(); - + // just support single value for now StringBuffer ss = new StringBuffer(); while (v.hasMoreElements()) { if (ss.length() == 0) - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); else { ss.append(","); - ss.append((String)(v.nextElement())); + ss.append((String) (v.nextElement())); } } - pairs .add(ATTR_VALUE, ss.toString()); + pairs.add(ATTR_VALUE, ss.toString()); recs.addElement(pairs); i++; } - - for (;i < num; i++) { + + for (; i < num; i++) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "false"); pairs.add(ATTR_NAME, "GENERATIONQUALIFIER"); @@ -360,7 +357,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -383,8 +380,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -393,32 +390,32 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectDirAttributesExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } public SubjectDirAttributesExtension createExtension(IRequest request) - throws EProfileException { - SubjectDirAttributesExtension ext = null; + throws EProfileException { + SubjectDirAttributesExtension ext = null; int num = 0; boolean critical = getConfigBoolean(CONFIG_CRITICAL); num = getNumAttrs(); - + AttributeConfig attributeConfig = null; Vector attrs = new Vector(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); + String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { String attrName = getConfig(CONFIG_ATTR_NAME + i); - String pattern = getConfig(CONFIG_PATTERN + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) pattern = " "; 
@@ -427,8 +424,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { int lastpos = pattern.lastIndexOf("$"); String attrValue = pattern; if (!pattern.equals("") && startpos != -1 && - startpos == 0 && lastpos != -1 && - lastpos == (pattern.length()-1)) { + startpos == 0 && lastpos != -1 && + lastpos == (pattern.length() - 1)) { if (request != null) { try { attrValue = mapPattern(request, pattern); @@ -436,7 +433,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { throw new EProfileException(e.toString()); } } - } + } try { attributeConfig = new AttributeConfig(attrName, attrValue); } catch (EPropertyException e) { @@ -454,7 +451,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { attrs.copyInto(attrList); try { ext = - new SubjectDirAttributesExtension(attrList, critical); + new SubjectDirAttributesExtension(attrList, critical); } catch (IOException e) { throw new EProfileException(e.toString()); } 
@@ -470,50 +467,49 @@ class AttributeConfig { protected Attribute mAttribute = null; public AttributeConfig(String attrName, String attrValue) - throws EPropertyException { + throws EPropertyException { X500NameAttrMap map = X500NameAttrMap.getDefault(); - + if (attrName == null || attrName.length() == 0) { throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); } - + if (attrValue == null || attrValue.length() == 0) { throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); } try { mAttributeOID = new ObjectIdentifier(attrName); } catch (Exception e) { - CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName); + CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName); } if (mAttributeOID == null) { mAttributeOID = map.getOid(attrName); if (mAttributeOID == null) throw new EPropertyException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); + CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); try { checkValue(mAttributeOID, attrValue); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - try { - mAttribute = new Attribute(mAttributeOID, - str2MultiValues(attrValue)); + mAttribute = new Attribute(mAttributeOID, + str2MultiValues(attrValue)); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { + private static void checkValue(ObjectIdentifier oid, String val) + throws IOException { AVAValueConverter c = 
X500NameAttrMap.getDefault().getValueConverter(oid); DerValue derval; @@ -527,7 +523,7 @@ class AttributeConfig { while (tokenizer.hasMoreTokens()) { v.addElement(tokenizer.nextToken()); } - + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index 8a3f2afc8..afc5f1f90 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** - * This class implements an enrollment default policy + * This class implements an enrollment default policy * that populates Subject Info Access extension. - * + * * @version $Revision$, $Date$ */ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { 
@@ -87,29 +85,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } } super.setConfig(name, value); } 
@@ -137,28 +135,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { + } else if (name.startsWith(CONFIG_NUM_ADS)) { return new Descriptor(IDescriptor.INTEGER, null, "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); 
@@ -168,11 +166,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { @@ -181,45 +179,42 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { try { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); + getExtension(oid.toString(), info); - if(ext == null) { - populate(null,info); + if (ext == null) { + populate(null, info); } - + if (name.equals(VAL_CRITICAL)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if(ext == null) - { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { return; } boolean critical = ext.isCritical(); 
@@ -258,17 +253,17 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString()); + CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_SIA_OID", method)); + locale, "CMS_PROFILE_DEF_SIA_OID", method)); } } } @@ -291,30 +286,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { SubjectInfoAccessExtension ext = null; - if (name == null) { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -331,7 +325,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); @@ -340,11 +334,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return ""; int num = getNumAds(); - + CMS.debug("SubjectInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -358,7 +352,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -397,7 +391,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -405,14 +399,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public SubjectInfoAccessExtension createExtension() { - SubjectInfoAccessExtension ext = null; + SubjectInfoAccessExtension ext = null; int num = getNumAds(); try { 
@@ -434,21 +428,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - location = "http://"+hostname+":"+port+"/ocsp"; + location = "http://" + hostname + ":" + port + "/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("SubjectInfoAccessExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java index d8b09f5db..9476e45f6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a subject key identifier extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { 
@@ -61,19 +59,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); } else { @@ -82,8 +80,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -99,8 +97,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); 
@@ -108,24 +106,23 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { SubjectKeyIdentifierExtension ext = (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + PKIXExtensions.SubjectKey_Id.toString(), info); - if(ext == null) - { + if (ext == null) { try { - populate(null,info); + populate(null, info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + ext = + (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { return null; @@ -136,9 +133,9 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + ext = + (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { return null; @@ -149,11 +146,11 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { kid = (KeyIdentifier) ext.get(SubjectKeyIdentifierExtension.KEY_ID); } catch (IOException e) { - CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " + - "kid is null!" ); - throw new EPropertyException( CMS.getUserMessage( locale, + CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " + + "kid is null!"); + throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", - name ) ); + name)); } return toHexString(kid.getIdentifier()); } else { 
@@ -170,7 +167,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info); @@ -184,36 +181,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return null; } SubjectKeyIdentifierExtension ext = null; - + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); try { ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier()); } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + + e.toString()); // } return ext; } - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); + public KeyIdentifier getKeyIdentifier(X509CertInfo info) { + try { + CertificateX509Key infokey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); - md.update(key.getKey()); + md.update(key.getKey()); byte[] hash = md.digest(); return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } catch (Exception e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } return null; } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java index 9f404e89b..479219b84 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates server-side configurable subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class SubjectNameDefault extends EnrollDefault { @@ -55,15 +53,15 @@ public class SubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_NAME)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_NAME)) { + return new Descriptor(IDescriptor.STRING, null, "CN=TEST", CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } 
@@ -72,18 +70,18 @@ public class SubjectNameDefault extends EnrollDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -100,25 +98,25 @@ public class SubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -133,18 +131,18 @@ public class SubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("SubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", getConfig(CONFIG_NAME)); } @@ -152,13 +150,13 @@ public class SubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; String subjectName = null; try { - subjectName = mapPattern(request, getConfig(CONFIG_NAME)); + subjectName = mapPattern(request, getConfig(CONFIG_NAME)); } catch (IOException e) { CMS.debug("SubjectNameDefault: mapPattern " + e.toString()); } @@ -176,8 +174,8 @@ public class SubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java index c834eee19..46a78c731 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.util.Locale; import netscape.security.x509.CertificateExtensions; @@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a user-supplied extension * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class UserExtensionDefault extends EnrollExtDefault { @@ -57,11 +55,11 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_OID)) { return new Descriptor(IDescriptor.STRING, null, "Comment Here...", @@ -83,16 +81,16 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // Nothing to do for read-only values } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_OID)) { @@ -104,7 +102,7 @@ public class UserExtensionDefault extends EnrollExtDefault { } return ext.getExtensionId().toString(); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } 
@@ -117,22 +115,22 @@ public class UserExtensionDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateExtensions inExts = null; String oid = getConfig(CONFIG_OID); inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); if (inExts == null) - return; + return; Extension ext = getExtension(getConfig(CONFIG_OID), inExts); if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid); - return; + CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); + return; } // user supplied the ext that's allowed, replace the def set by system deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid); + CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); addExtension(oid, ext, info); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java index 1cff57df2..b1dc9d116 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.interfaces.DSAParams; @@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a user supplied key * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class UserKeyDefault extends EnrollDefault { 
@@ -62,24 +60,24 @@ public class UserKeyDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); } else if (name.equals(VAL_LEN)) { return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); } else if (name.equals(VAL_TYPE)) { return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else { @@ -88,15 +86,15 @@ public class UserKeyDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { + X509CertInfo info) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } @@ -116,7 +114,7 @@ public class UserKeyDefault extends EnrollDefault { ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing - } + } if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); @@ -139,7 +137,7 @@ public class UserKeyDefault extends EnrollDefault { } catch (Exception e) { // nothing } - if (k == null) { + if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); } 
@@ -171,12 +169,12 @@ public class UserKeyDefault extends EnrollDefault { } catch (Exception e) { // nothing } - if (k == null) { + if (k == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_PROFILE_KEY_NOT_FOUND")); } - return k.getAlgorithm() + " - " + - k.getAlgorithmId().getOID().toString(); + return k.getAlgorithm() + " - " + + k.getAlgorithmId().getOID().toString(); } else { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -217,7 +215,7 @@ public class UserKeyDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateX509Key certKey = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java index 07e6c77e5..4aeed6ba3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Locale; @@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a user-supplied signing algorithm * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class UserSigningAlgDefault extends EnrollDefault { 
@@ -53,30 +51,30 @@ public class UserSigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); + "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -88,7 +86,7 @@ public class UserSigningAlgDefault extends EnrollDefault { algID = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); AlgorithmId id = (AlgorithmId) - algID.get(CertificateAlgorithmId.ALGORITHM); + algID.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { @@ -109,7 +107,7 @@ public class UserSigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateAlgorithmId certAlg = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java index f589b6543..65456e256 100644 
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.util.Locale; @@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a user-supplied subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class UserSubjectNameDefault extends EnrollDefault { @@ -53,7 +51,7 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -67,8 +65,8 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); @@ -84,12 +82,12 @@ public class UserSubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { 
@@ -99,10 +97,10 @@ public class UserSubjectNameDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -115,10 +113,10 @@ public class UserSubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -131,7 +129,7 @@ public class UserSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo try { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java index 2d79b1925..3fadb81fd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.ByteArrayInputStream; import java.util.Date; import java.util.Locale; 
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a user-supplied validity * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class UserValidityDefault extends EnrollDefault { @@ -55,13 +53,13 @@ public class UserValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); @@ -76,16 +74,16 @@ public class UserValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { 
@@ -93,32 +91,32 @@ public class UserValidityDefault extends EnrollDefault { try { validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); Date notBefore = (Date) - validity.get(CertificateValidity.NOT_BEFORE); + validity.get(CertificateValidity.NOT_BEFORE); return notBefore.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { try { CertificateValidity validity = null; validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + info.get(X509CertInfo.VALIDITY); Date notAfter = (Date) - validity.get(CertificateValidity.NOT_AFTER); + validity.get(CertificateValidity.NOT_AFTER); return notAfter.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } @@ -131,7 +129,7 @@ public class UserValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateValidity certValidity = null; // authenticate the certificate key, and move // the key from request into x509 certinfo diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java index 6e9b08abf..ad06400f3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; - import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -36,12 +35,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements an enrollment default policy * that populates a server-side configurable validity * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class ValidityDefault extends EnrollDefault { @@ -64,26 +62,26 @@ public class ValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + } } super.setConfig(name, value); } 
@@ -91,16 +89,16 @@ public class ValidityDefault extends EnrollDefault { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { return new Descriptor(IDescriptor.STRING, - null, + null, "2922", CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { return new Descriptor(IDescriptor.STRING, - null, + null, "60", /* 1 minute */ CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + "CMS_PROFILE_VALIDITY_START_TIME")); } else { return null; } @@ -119,19 +117,19 @@ public class ValidityDefault extends EnrollDefault { } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { + if (value == null || value.equals("")) { throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; 
@@ -140,15 +138,15 @@ public class ValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_BEFORE, - date); + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; @@ -157,7 +155,7 @@ public class ValidityDefault extends EnrollDefault { validity = (CertificateValidity) info.get(X509CertInfo.VALIDITY); validity.set(CertificateValidity.NOT_AFTER, - date); + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( @@ -170,16 +168,16 @@ public class ValidityDefault extends EnrollDefault { } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { @@ -192,8 +190,8 @@ public class ValidityDefault extends EnrollDefault { } throw new EPropertyException("Invalid valie"); } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { 
@@ -214,7 +212,7 @@ public class ValidityDefault extends EnrollDefault { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", getConfig(CONFIG_RANGE)); } @@ -222,11 +220,11 @@ public class ValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("ValidityDefault: populate " + e.toString()); } @@ -241,7 +239,7 @@ public class ValidityDefault extends EnrollDefault { try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + + notAfterVal = notBefore.getTime() + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct @@ -250,8 +248,8 @@ public class ValidityDefault extends EnrollDefault { getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java index c8beca2f6..6b5ab6bc0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java 
@@ -37,19 +37,19 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates server-side configurable subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class nsHKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_PARAMS = "params"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; + protected static String DEFAULT_DNPATTERN = + "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; protected IConfigStore mParamsConfig; 
@@ -61,43 +61,43 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -111,26 +111,26 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { @@ -145,19 +145,19 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsHKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } 
@@ -165,15 +165,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsHKeySubjectNameDefault: in populate"); + CMS.debug("nsHKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { 
@@ -184,32 +184,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { + + CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); - CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String sbjname = ""; - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; - } + return sbjname; + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index 3a1d1c6ea..6e36302ed 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java 
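Review bot: The `catch (Exception e)` around `info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name))` in `populate` only logs, so a failure to set the subject is invisible to the caller even though the method declares `EProfileException`. If the earlier catch blocks (their bodies lie between this hunk and the previous one) also fall through, `name` is still null here and the template keeps whatever subject it already carried. For a default that is supposed to impose a server-configured subject, failing closed is safer, for example `throw new EProfileException("nsHKeySubjectNameDefault: cannot set subject name: " + e.toString());` in that catch. The same pattern appears in the `populate` hunks of nsNKeySubjectNameDefault and nsTokenDeviceKeySubjectNameDefault further down.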
@@ -45,13 +45,13 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates server-side configurable subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class nsNKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; + public static final String PROP_LDAP = "ldap"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; @@ -64,20 +64,20 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.aoluid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.aoluid$, E=$request.mail$"; /* ldap configuration sub-store */ - boolean mInitialized = false; + boolean mInitialized = false; protected IConfigStore mInstConfig; protected IConfigStore mLdapConfig; protected IConfigStore mParamsConfig; - /* ldap base dn */ + /* ldap base dn */ protected String mBaseDN = null; /* factory of anonymous ldap connections */ 
@@ -90,104 +90,104 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { public nsNKeySubjectNameDefault() { super(); addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); + addConfigName(CONFIG_LDAP_STRING_ATTRS); addConfigName(CONFIG_LDAP_HOST); addConfigName(CONFIG_LDAP_PORT); addConfigName(CONFIG_LDAP_SEC_CONN); addConfigName(CONFIG_LDAP_VER); addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); + addConfigName(CONFIG_LDAP_MIN_CONN); + addConfigName(CONFIG_LDAP_MAX_CONN); addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); + addValueName(CONFIG_LDAP_STRING_ATTRS); addValueName(CONFIG_LDAP_HOST); addValueName(CONFIG_LDAP_PORT); addValueName(CONFIG_LDAP_SEC_CONN); addValueName(CONFIG_LDAP_VER); addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); + addValueName(CONFIG_LDAP_MIN_CONN); + addValueName(CONFIG_LDAP_MAX_CONN); } public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; + throws EProfileException { + mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new 
Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { + "CMS_PROFILE_SUBJECT_NAME")); + } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); + } else if (name.equals(CONFIG_LDAP_HOST)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); + } else if (name.equals(CONFIG_LDAP_PORT)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); + } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); + } else if (name.equals(CONFIG_LDAP_VER)) { return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); + } else if (name.equals(CONFIG_LDAP_BASEDN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + 
CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); + } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); + } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
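Review bot: The descriptor for `CONFIG_LDAP_SEC_CONN` in `getConfigDescriptor` offers `"false"` as its default, so a profile created with the defaults would look up subject attributes over an unprotected LDAP connection. Later in this file `ldapInit()` obtains the connection from `CMS.getLdapAnonConnFactory()` and the values read back are written into the request, so the transport is the main protection for data that ends up in the subject name. Consider `"true"` as the descriptor default and a short comment on the constant that plain LDAP should be a deliberate opt-out. Whether this descriptor default is also what the connection factory uses when the key is absent is not visible in this hunk.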
@@ -201,26 +201,26 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -235,79 +235,80 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsNKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() - throws EProfileException { - if (mInitialized == true) return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: 
ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: "+e.toString()); - } - } + public void ldapInit() + throws EProfileException { + if (mInitialized == true) + return; + + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); + + try { + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); + + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; + + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); + + mLdapStringAttrs = new String[pAttrs.countTokens()]; + + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + } + } + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); + mInitialized = true; + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); + } + } /** * Populates the request with this policy default. 
*/ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); + CMS.debug("nsNKeySubjectNameDefault: in populate"); + ldapInit(); try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + // cfu - this goes to ldap + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { 
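Review bot: In `ldapInit()` the local `pattern` is read from `CONFIG_DNPATTERN` and defaulted to `DEFAULT_DNPATTERN`, but it is never stored or used afterwards. `getSubjectName` in the next hunk re-reads the config and substitutes `" "` for an empty pattern, so the documented default DN pattern never takes effect in the code shown. Either drop the dead block or keep the result in a field that `getSubjectName` uses. Separately, `mInitialized` is checked and set without synchronization while `populate` calls `ldapInit()` on every request; if profiles are populated concurrently, which is not shown here, making `ldapInit` `synchronized` would avoid initialising the connection factory twice.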
@@ -318,55 +319,55 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) - throws EProfileException, IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - LDAPConnection conn = null; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } + + LDAPConnection conn = null; String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { + String sbjname = ""; + // get DN from ldap to fill request + try { + if (mConnFactory == null) { conn = null; CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - 
CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + - "request is null!" ); - throw new EProfileException( "request is null" ); - } - // retrieve the attributes + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } else { + CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + + "request is null!"); + throw new EProfileException("request is null"); + } + // retrieve the attributes // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); 
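Review bot: The search filter in `getSubjectName` is built as `"(aoluid=" + request.getExtDataInString("aoluid") + ")"`, placing a request-supplied value into an LDAP filter without escaping. A value containing filter metacharacters changes which entry is matched, and that entry's attributes are then copied into the request for the certificate subject. Escape the value per RFC 4515 (`\`, `*`, `(`, `)` and NUL become `\5c`, `\2a`, `\28`, `\29`, `\00`) and reject a null or empty `aoluid` before calling `conn.search`. For example, `"(aoluid=" + escapeFilterValue(aoluid) + ")"`, where `escapeFilterValue` stands for a helper to be added and is not an existing API on this page. The method begins in this hunk and continues into the next one.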
@@ -378,42 +379,43 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid")); + ; + + LDAPEntry entry = null; + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); + + if (!results.hasMoreElements()) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); + throw new EProfileException("no ldap attributes found"); + } + entry = results.next(); + // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " 
+ sla[0]); + request.setExtData(mLdapStringAttrs[i], sla[0]); + } } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString()); + throw new EProfileException("getSubjectName() failure: " + e.toString()); + } finally { + try { + if (conn != null) + mConnFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); + } + } + return sbjname; + + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java index 030470b39..77fa417f6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java @@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates server-side configurable subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { 
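Review bot: `mLdapStringAttrs.length` is dereferenced in the debug line and the loop of `getSubjectName`, but `ldapInit()` only assigns the array when `ldapStringAttributes` is non-empty. Unless the field has a non-null initializer (its declaration is outside this hunk), a profile without that setting fails with a NullPointerException reported only as a generic `getSubjectName() failure`. An explicit guard gives a clearer error: `if (mLdapStringAttrs == null) throw new EProfileException("ldapStringAttributes not configured");`. Two smaller points on the new side: the reformat left a stray empty statement `;` on its own line after the "retrieved entry for aoluid" debug call, and `sla[0]` writes directory attribute values into the debug log and is indexed without checking that the attribute has a value. The method starts in the previous hunk.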
@@ -49,7 +49,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { /* default dn pattern if left blank or not set in the config */ protected static String DEFAULT_DNPATTERN = - "Token Key Device - $request.tokencuid$"; + "Token Key Device - $request.tokencuid$"; protected IConfigStore mParamsConfig; 
@@ -61,43 +61,43 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -111,27 +111,26 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException - { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -146,19 +145,19 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } catch (Exception e) { // nothing CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -166,15 +165,15 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); + String subjectName = getSubjectName(request); CMS.debug("subjectName=" + subjectName); if (subjectName == null || subjectName.equals("")) - return; + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -185,8 +184,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); 
@@ -194,23 +193,23 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } private String getSubjectName(IRequest request) - throws EProfileException, IOException { + throws EProfileException, IOException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + String sbjname = ""; + + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; + return sbjname; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index ac98a0cbb..8f9759417 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -45,7 +45,7 @@ import com.netscape.certsrv.request.IRequest; * This class implements an enrollment default policy * that populates server-side configurable subject name * into the certificate template. - * + * * @version $Revision$, $Date$ */ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { 
@@ -66,12 +66,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = - "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.uid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.uid$, E=$request.mail$"; /* ldap configuration sub-store */ boolean mldapInitialized = false; 
@@ -118,93 +118,93 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + "CMS_PROFILE_SUBJECT_NAME")); } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); } else if (name.equals(CONFIG_LDAP_ENABLE)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); + return new Descriptor(IDescriptor.STRING, + null, 
+ null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); } else if (name.equals(CONFIG_LDAP_VER)) { return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name); + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + 
name); if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value); + CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -218,26 +218,26 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name); + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { 
@@ -254,76 +254,77 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage( + throw new EPropertyException(CMS.getUserMessage( locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } public void ldapInit() - throws EProfileException { - if (mldapInitialized == true) return; + throws EProfileException { + if (mldapInitialized == true) + return; CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, - false); - if (mldapEnabled == false) - return; + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, + false); + if (mldapEnabled == false) + return; - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + /* initialize dn pattern 
*/ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); - mLdapStringAttrs = new String[pAttrs.countTokens()]; + mLdapStringAttrs = new String[pAttrs.countTokens()]; - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + } } - } - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); - mldapInitialized = true; + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); + mldapInitialized = true; } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: " + e.toString()); } - } + } /** * Populates the request with this policy default. 
*/ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); -ldapInit(); + ldapInit(); try { // cfu - this goes to ldap String subjectName = getSubjectName(request); @@ -340,8 +341,8 @@ ldapInit(); // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); @@ -349,7 +350,7 @@ ldapInit(); } private String getSubjectName(IRequest request) - throws EProfileException, IOException { + throws EProfileException, IOException { CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); @@ -360,10 +361,10 @@ ldapInit(); String sbjname = ""; if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + if (request != null) { + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); } return sbjname; } 
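Review bot: In `ldapInit()` (hunk `@@ -254,76 +254,77`) the local `pattern` is read from `CONFIG_DNPATTERN`, given the `DEFAULT_DNPATTERN` fallback, and then never used in the lines shown, so the documented default appears to have no effect. Either store it in a field that `getSubjectName` reads or drop the dead assignment; a field declaration would sit outside this hunk. If `CONFIG_LDAP_STRING_ATTRS` is unset, `mLdapStringAttrs` is not assigned here, and `getSubjectName` later dereferences `mLdapStringAttrs.length`; whether the field has a non-null initial value is not visible, so this needs confirming. The factory comes from `CMS.getLdapAnonConnFactory()` and the data it returns becomes the certificate subject, so I would add a comment such as `// directory is queried anonymously; enable the secure-connection setting in the ldap sub-store for production`.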
@@ -384,34 +385,34 @@ ldapInit(); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if( conn == null ) { - CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection" ); - throw new EProfileException( "no LDAP connection" ); + if (conn == null) { + CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection"); + throw new EProfileException("no LDAP connection"); } CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } // retrieve the attributes // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false); + LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); userdn = entry.getDN(); } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, 
false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); if (!results.hasMoreElements()) { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); 
@@ -420,28 +421,28 @@ ldapInit(); entry = results.next(); // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+ - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] + + "=" + escapeValueRfc1779(sla[0], false).toString()); + request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); + } } - CMS.debug("pattern = "+pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + CMS.debug("pattern = " + pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request"); } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString()); - throw new EProfileException("getSubjectName() failure: "+e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString()); + throw new EProfileException("getSubjectName() failure: " + e.toString()); } finally { try { if (conn != null) mConnFactory.returnConn(conn); - } catch (Exception e) { + } catch (Exception e) { throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); } } 
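Review bot: The `finally` block throws a new `EProfileException` when `mConnFactory.returnConn(conn)` fails, which replaces any exception already propagating from the `try`/`catch` above, so the real cause of a failed lookup is lost. I would log there instead of throwing: `CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure " + e.toString());`. In the attribute loop, `sla[0]` is read after checking only `la != null`; guarding with `if (sla != null && sla.length > 0)` avoids an index error on an attribute with no values. The enclosing method starts before this hunk and continues after it.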
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java index d067f1e68..77d4b1ce0 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -35,23 +34,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the certificate request input. * This input populates 2 main fields to the enrollment page: * 1/ Certificate Request Type, 2/ Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CMCCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; +public class CMCCertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -63,7 +60,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -87,22 +84,22 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request = ctx.get(VAL_CERT_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); if (msgs == null) { - return; + return; } // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); @@ -118,8 +115,8 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { return new Descriptor(IDescriptor.CERT_REQUEST, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); - } + "CMS_PROFILE_INPUT_CERT_REQ")); + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java index 12a4f549b..0b7e9f071 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; 
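Review bot: In `CMCCertReqInput.populate` (hunk `@@ -87,22 +84,22`), `msgs[seqNum.intValue()]` indexes the `parseCMC` result with a sequence number read from the request, and only `null` is checked. A negative or too-large value therefore surfaces as an `ArrayIndexOutOfBoundsException` rather than the `CMS_PROFILE_UNKNOWN_SEQ_NUM` profile error. The existing test could become `if (seqNum == null || seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length) {`. The same unchecked index appears in the CertReqInput hunks `@@ -138,7 +135,7` and `@@ -148,21 +145,21` and in the DualKeyGenInput hunk `@@ -128,20 +125,20`. The comment "This profile only handle the first request in CRMF" also looks stale in a CMC input; the method body continues past the end of the hunk.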
@@ -38,23 +37,21 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the certificate request input. * This input populates 2 main fields to the enrollment page: * 1/ Certificate Request Type, 2/ Certificate Request * <p> * - * This input usually is used by an enrollment profile for - * certificate requests. - * + * This input usually is used by an enrollment profile for certificate requests. + * * @version $Revision$, $Date$ */ -public class CertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; +public class CertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -67,7 +64,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -91,19 +88,19 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE); String cert_request = ctx.get(VAL_CERT_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (cert_request_type == null) { - CMS.debug("CertReqInput: populate - invalid cert request type " + - ""); + CMS.debug("CertReqInput: populate - invalid cert request type " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) { @@ -114,7 +111,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request); @@ -138,7 +135,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request - ); + ); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); 
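Review bot: In the CRMF branch of `CertReqInput.populate` (hunk `@@ -138,7 +135,7`), `seqNum` is dereferenced on the line right after `request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM)` with no null check. A request without a sequence number therefore ends in a `NullPointerException`, whereas the CMC branch of the same method throws `CMS_PROFILE_UNKNOWN_SEQ_NUM`. The same guard belongs before the `fillCertReqMsg` call: `if (seqNum == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); }`. The branch starts before this hunk, so an earlier check cannot be fully ruled out, but the lines shown are contiguous.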
@@ -148,21 +145,21 @@ public class CertReqInput extends EnrollInput implements IProfileInput { } // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("CertReqInput: populate - invalid cert request type " + - cert_request_type); + CMS.debug("CertReqInput: populate - invalid cert request type " + + cert_request_type); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - cert_request_type)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + cert_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -176,12 +173,12 @@ public class CertReqInput extends EnrollInput implements IProfileInput { return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); + "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); } else if (name.equals(VAL_CERT_REQUEST)) { return new Descriptor(IDescriptor.CERT_REQUEST, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); + "CMS_PROFILE_INPUT_CERT_REQ")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java index b887807cc..18b9ecf52 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -37,26 +36,24 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the dual key generation input. - * This input populates parameters to the enrollment - * pages so that a CRMF request containing 2 certificate + * This input populates parameters to the enrollment + * pages so that a CRMF request containing 2 certificate * requests will be generated. * <p> - * - * This input can only be used with Netscape 7.x or later - * clients. + * + * This input can only be used with Netscape 7.x or later clients. * <p> - * + * * @version $Revision$, $Date$ */ -public class DualKeyGenInput extends EnrollInput implements IProfileInput { +public class DualKeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +66,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } 
@@ -92,29 +89,29 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { CMS.debug("DualKeyGenInput: populate - invalid cert request type " + - ""); + ""); throw new EProfileException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith("pkcs10")) { PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith("keygen")) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith("crmf")) { CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); 
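Review bot: `DualKeyGenInput.populate` dispatches on the string literals `"pkcs10"`, `"keygen"` and `"crmf"` with `startsWith`, while `CertReqInput.populate` uses `EnrollProfile.REQ_TYPE_PKCS10` with `equals` and `EnrollProfile.REQ_TYPE_KEYGEN` with `startsWith`. Assuming the constants hold the same strings, the two inputs should share them, e.g. `if (keygen_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {`, so that a prefix match such as `pkcs10x` is not accepted here but rejected there. The results of `parsePKCS10` and `parseKeyGen` are also passed straight to `fillPKCS10` and `fillKeyGen`. `CertReqInput` appears to raise `CMS_PROFILE_NO_CERT_REQ` before `fillPKCS10`, though its condition is not visible, so a matching null check is worth confirming here. The method continues in the next hunk.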
@@ -128,20 +125,20 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java index 1eaf476b9..db3945785 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; 
@@ -41,16 +40,15 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the base enrollment input. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollInput implements IProfileInput { +public abstract class EnrollInput implements IProfileInput { private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; protected IConfigStore mConfig = null; protected Vector mValueNames = new Vector(); @@ -58,12 +56,12 @@ public abstract class EnrollInput implements IProfileInput { protected IProfile mProfile = null; protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; mProfile = profile; } @@ -74,17 +72,17 @@ public abstract class EnrollInput implements IProfileInput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return localized input name */ @@ -92,7 +90,7 @@ public abstract class EnrollInput implements IProfileInput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return localized input description */ 
@@ -101,14 +99,13 @@ public abstract class EnrollInput implements IProfileInput { /** * Retrieves the descriptor of the given value * property by name. - * + * * @param locale user locale * @param name property name * @return descriptor of the property */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - public void addValueName(String name) { mValueNames.addElement(name); } @@ -129,7 +126,7 @@ public abstract class EnrollInput implements IProfileInput { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -141,7 +138,7 @@ public abstract class EnrollInput implements IProfileInput { try { if (mConfig == null) { return null; - } + } if (mConfig.getSubStore("params") != null) { return mConfig.getSubStore("params").getString(name); } @@ -155,7 +152,7 @@ public abstract class EnrollInput implements IProfileInput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -163,7 +160,7 @@ public abstract class EnrollInput implements IProfileInput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } 
@@ -181,16 +178,16 @@ public abstract class EnrollInput implements IProfileInput { return null; } - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollInput ::in verifyPOP"); + public void verifyPOP(Locale locale, CertReqMsg certReqMsg) + throws EProfileException { + CMS.debug("EnrollInput ::in verifyPOP"); String auditMessage = null; String auditSubjectID = auditSubjectID(); - if (!certReqMsg.hasPop()) { + if (!certReqMsg.hasPop()) { CMS.debug("CertReqMsg has not POP, return"); - return; + return; } ProofOfPossession pop = certReqMsg.getPop(); ProofOfPossession.Type popType = pop.getType(); @@ -202,8 +199,8 @@ public abstract class EnrollInput implements IProfileInput { try { if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) { - CMS.debug("skipPOPVerify on, return"); - return; + CMS.debug("skipPOPVerify on, return"); + return; } CMS.debug("POP verification begins:"); CryptoManager cm = CryptoManager.getInstance(); 
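Review bot: In `verifyPOP`, both early returns leave before any call to `audit(...)`: the `if (!certReqMsg.hasPop())` branch in this hunk and the `cms.skipPOPVerify` branch in the hunk that follows. The signed audit log therefore gets a `LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION` record only when verification actually ran, and there is no signed trace that proof-of-possession was not checked for a request. Consider writing a signed audit record on both paths, or at minimum documenting the gap at each return: `// POP is not verified on this path and no signed audit record is written`. The method body starts and continues outside these hunks.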
@@ -214,42 +211,42 @@ public abstract class EnrollInput implements IProfileInput { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:"+ tokenName); + CMS.debug("POP verification using token:" + tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); + audit(auditMessage); } catch (Exception e) { - CMS.debug("Failed POP verify! "+e.toString()); + CMS.debug("Failed POP verify! " + e.toString()); CMS.debug(e); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); - throw new EProfileException(CMS.getUserMessage(locale, + throw new EProfileException(CMS.getUserMessage(locale, "CMS_POP_VERIFICATION_ERROR")); } } /** * Signed Audit Log - * + * * This method is inherited by all extended "CMSServlet"s, * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { 
@@ -261,20 +258,20 @@ public abstract class EnrollInput implements IProfileInput { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * + * * This method is inherited by all extended "CMSServlet"s, * and is called to obtain the "SubjectID" for * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java index 70ede1e25..41a0ff1f4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.io.BufferedInputStream; import java.net.URL; import java.net.URLConnection; @@ -34,15 +33,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the image * input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class FileSigningInput extends EnrollInput implements IProfileInput { +public class FileSigningInput extends EnrollInput implements IProfileInput { public static final String URL = "file_signing_url"; public static final String TEXT = "file_signing_text"; @@ -59,7 +57,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -77,13 +75,12 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); } - public String toHexString(byte data[]) - { + public String toHexString(byte data[]) { StringBuffer sb = new StringBuffer(); for (int i = 0; i < data.length; i++) { int v = data[i] & 0xff; if (v <= 9) { - sb.append("0"); + sb.append("0"); } sb.append(Integer.toHexString(v)); } 
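Review bot: In `toHexString`, the padding test `if (v <= 9)` misses the values 0x0a to 0x0f, for which `Integer.toHexString(v)` also returns a single character. The hex string is then shorter than two characters per byte and ambiguous: the byte pairs 0x0a 0xbc and 0xab 0x0c both render as `abc`. Since `populate` stores this string as the file's SHA256 digest, the test should be `if (v < 0x10) {`. The end of the method lies outside the hunk.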
@@ -94,36 +91,36 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(TEXT, ctx.get(TEXT)); request.setExtData(URL, ctx.get(URL)); request.setExtData(DIGEST_TYPE, "SHA256"); - + try { - // retrieve file and calculate the hash - URL url = new URL(ctx.get(URL)); - URLConnection c = url.openConnection(); - c.setAllowUserInteraction(false); - c.setDoInput(true); - c.setDoOutput(false); - c.setUseCaches(false); - c.connect(); - int len = c.getContentLength(); - request.setExtData(SIZE, Integer.toString(len)); - BufferedInputStream is = new BufferedInputStream(c.getInputStream()); - byte data[] = new byte[len]; - is.read(data, 0, len); - is.close(); + // retrieve file and calculate the hash + URL url = new URL(ctx.get(URL)); + URLConnection c = url.openConnection(); + c.setAllowUserInteraction(false); + c.setDoInput(true); + c.setDoOutput(false); + c.setUseCaches(false); + c.connect(); + int len = c.getContentLength(); + request.setExtData(SIZE, Integer.toString(len)); + BufferedInputStream is = new BufferedInputStream(c.getInputStream()); + byte data[] = new byte[len]; + is.read(data, 0, len); + is.close(); - // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA256"); - byte digest[] = digester.digest(data); - request.setExtData(DIGEST, toHexString(digest)); - } catch (Exception e) { - CMS.debug("FileSigningInput populate failure " + e); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_FILE_NOT_FOUND")); + // calculate digest + MessageDigest digester = MessageDigest.getInstance("SHA256"); + byte digest[] = digester.digest(data); + request.setExtData(DIGEST, toHexString(digest)); + } catch (Exception e) { + CMS.debug("FileSigningInput populate failure " + e); + throw new EProfileException( + 
CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_FILE_NOT_FOUND")); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java index 5aa85e0ef..029e497f4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements a generic input. * <p> - * + * * @version $Revision$, $Date$ */ -public class GenericInput extends EnrollInput implements IProfileInput { +public class GenericInput extends EnrollInput implements IProfileInput { public static final String CONFIG_NUM = "gi_num"; public static final String CONFIG_DISPLAY_NAME = "gi_display_name"; @@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput { public static final int DEF_NUM = 5; public GenericInput() { - int num = getNum(); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PARAM_NAME + i); - addConfigName(CONFIG_DISPLAY_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } + int num = getNum(); + for (int i = 0; i < num; i++) { + addConfigName(CONFIG_PARAM_NAME + i); + addConfigName(CONFIG_DISPLAY_NAME + i); + addConfigName(CONFIG_ENABLE + i); + } } protected int getNum() { @@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
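Review bot: In `FileSigningInput.populate`, `is.read(data, 0, len)` is called once, and a single `read` may return fewer than `len` bytes, so the SHA256 value stored under `DIGEST` can be computed over a partly filled buffer rather than the fetched file. `getContentLength()` also returns -1 when the length is unknown, which makes `new byte[len]` throw and surfaces only as `CMS_PROFILE_FILE_NOT_FOUND`. Separately, the URL comes straight from `ctx.get(URL)` and is opened by the server with no check on scheme or destination. If the profile context carries requester-supplied values (not shown here), the protocol and host should be restricted to what the deployment expects before `openConnection()`. The fence reads until `len` bytes have arrived and closes the stream on every path.

```java
// … unchanged: URL construction, openConnection and connection flags …
int len = c.getContentLength();
if (len < 0) {
    // length unknown: refuse rather than allocate a negative-sized buffer
    throw new EProfileException(
            CMS.getUserMessage(getLocale(request),
                    "CMS_PROFILE_FILE_NOT_FOUND"));
}
request.setExtData(SIZE, Integer.toString(len));
byte data[] = new byte[len];
BufferedInputStream is = new BufferedInputStream(c.getInputStream());
try {
    int off = 0;
    while (off < len) {
        int n = is.read(data, off, len - off);
        if (n < 0) {
            // stream ended before the announced length
            throw new EProfileException(
                    CMS.getUserMessage(getLocale(request),
                            "CMS_PROFILE_FILE_NOT_FOUND"));
        }
        off += n;
    }
} finally {
    is.close();
}
// … unchanged: SHA256 digest and setExtData(DIGEST, ...) …
```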
@@ -97,48 +95,48 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - v.addElement(getConfig(CONFIG_PARAM_NAME + i)); - } - } - return v.elements(); + Vector v = new Vector(); + int num = getNum(); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { + v.addElement(getConfig(CONFIG_PARAM_NAME + i)); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { int num = getNum(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { String param = getConfig(CONFIG_PARAM_NAME + i); request.setExtData(param, ctx.get(param)); - } + } } } public IDescriptor getConfigDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - if (name.equals(CONFIG_PARAM_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); - } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); - } else if (name.equals(CONFIG_ENABLE + i)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); - } + if (name.equals(CONFIG_PARAM_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + 
CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); + } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); + } else if (name.equals(CONFIG_ENABLE + i)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); + } } // for return null; } @@ -150,12 +148,12 @@ public class GenericInput extends EnrollInput implements IProfileInput { public IDescriptor getValueDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - String param = getConfig(CONFIG_PARAM_NAME + i); - if (param != null && param.equals(name)) { - return new Descriptor(IDescriptor.STRING, null, - null, - getConfig(CONFIG_DISPLAY_NAME + i)); - } + String param = getConfig(CONFIG_PARAM_NAME + i); + if (param != null && param.equals(name)) { + return new Descriptor(IDescriptor.STRING, null, + null, + getConfig(CONFIG_DISPLAY_NAME + i)); + } } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java index 265b958d4..30570b56c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; 
@@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the image * input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class ImageInput extends EnrollInput implements IProfileInput { +public class ImageInput extends EnrollInput implements IProfileInput { public static final String IMAGE_URL = "image_url"; @@ -50,7 +48,7 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -72,7 +70,7 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL)); } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java index 00c0ffcf9..c2b3cf0d5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.pkcs.PKCS10; 
@@ -38,25 +37,23 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the key generation input that * populates parameters to the enrollment page for * key generation. * <p> - * - * This input normally is used with user-based or - * non certificate request profile. + * + * This input normally is used with user-based or non certificate request profile. * <p> - * + * * @version $Revision$, $Date$ */ -public class KeyGenInput extends EnrollInput implements IProfileInput { +public class KeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -69,7 +66,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } 
@@ -92,20 +89,20 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { CMS.debug("KeyGenInput: populate - invalid cert request type " + - ""); + ""); throw new EProfileException( CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); @@ -115,7 +112,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); @@ -124,7 +121,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); 
@@ -149,17 +146,17 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { // This profile only handle the first request in CRMF Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); + "invalid cert request type " + keygen_request_type); throw new EProfileException(CMS.getUserMessage( getLocale(request), "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java index dce75c15d..542a2c940 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the serial number input * for renewal * <p> - * - * @author Christina Fu + * + * @author Christina Fu */ -public class SerialNumRenewInput extends EnrollInput implements IProfileInput { +public class SerialNumRenewInput extends EnrollInput implements IProfileInput { public static final String SERIAL_NUM = "serial_num"; 
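Review bot: `msgs[seqNum.intValue()]` is guarded only by the `seqNum == null` check, so a sequence number that is negative or not below `msgs.length` raises an unchecked `ArrayIndexOutOfBoundsException` instead of the `EProfileException` this method declares. Where `REQUEST_SEQ_NUM` is set is not visible in this hunk, so whether a requester can influence it should be confirmed. A bounds check is cheap either way: `if (seqNum == null || seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length) {`. The debug text in the final `else` also says `DualKeyGenInput` although this class is `KeyGenInput`, which misleads anyone reading the debug log. `populate` starts before this hunk.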
@@ -50,7 +48,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -72,7 +70,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java index 4a8f60505..a12351f8a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This plugin accepts subject DN from end user. */ -public class SubjectDNInput extends EnrollInput implements IProfileInput { +public class SubjectDNInput extends EnrollInput implements IProfileInput { public static final String VAL_SUBJECT = "subject"; @@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -70,37 +68,36 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration<String> getValueNames() { - Vector<String> v = new Vector<String>(); - v.addElement(VAL_SUBJECT); - return v.elements(); + Vector<String> v = new Vector<String>(); + v.addElement(VAL_SUBJECT); + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; subjectName = ctx.get(VAL_SUBJECT); if (subjectName.equals("")) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; @@ -108,10 +105,10 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { name = new X500Name(subjectName); } catch (Exception e) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } 
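Review bot: In `SubjectDNInput.populate`, `subjectName = ctx.get(VAL_SUBJECT)` is followed directly by `subjectName.equals("")`. If `ctx.get` returns null for a missing key, a request without a `subject` value throws a `NullPointerException` instead of the `CMS_PROFILE_SUBJECT_NAME_NOT_FOUND` error; `KeyGenInput.populate` in this same diff does null-check its `ctx.get` result. The guard can cover both cases: `if (subjectName == null || subjectName.equals("")) {`. The next hunk also passes the raw `subjectName` into the `CMS_PROFILE_INVALID_SUBJECT_NAME` user message. How that message is rendered is not visible here, so it is worth confirming that the value is escaped wherever it is displayed.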
@@ -133,13 +130,13 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { } protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java index 15f906f99..55ede1386 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the subject name input * that populates text fields to the enrollment * page so that distinguished name parameters * can be collected from the user. * <p> - * The collected parameters could be used for - * fomulating the subject name in the certificate. + * The collected parameters could be used for fomulating the subject name in the certificate. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubjectNameInput extends EnrollInput implements IProfileInput { +public class SubjectNameInput extends EnrollInput implements IProfileInput { public static final String CONFIG_UID = "sn_uid"; public static final String CONFIG_EMAIL = "sn_e"; 
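Review bot: `parseSubjectName` catches every `Exception` from `req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, ...)` and only writes a debug line, so it never throws the `EProfileException` it declares. `populate` then carries on as if the subject name had been stored. The subject name is security-relevant for a certificate request, so a failure here should probably stop the request: after the `CMS.debug` call add `throw new EProfileException(CMS.getUserMessage(getLocale(req), "CMS_PROFILE_INVALID_SUBJECT_NAME", subj.toString()));`. The same catch block appears in `SubjectNameInput.parseSubjectName` later in this diff. The debug prefix here also says `SubjectNameInput` although this class is `SubjectDNInput`.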
@@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -106,101 +103,100 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - String c_uid = getConfig(CONFIG_UID); - if (c_uid == null || c_uid.equals("")) { - v.addElement(VAL_UID); // default case - } else { - if (c_uid.equals("true")) { - v.addElement(VAL_UID); - } - } - String c_email = getConfig(CONFIG_EMAIL); - if (c_email == null || c_email.equals("")) { - v.addElement(VAL_EMAIL); - } else { - if (c_email.equals("true")) { - v.addElement(VAL_EMAIL); - } - } - String c_cn = getConfig(CONFIG_CN); - if (c_cn == null || c_cn.equals("")) { - v.addElement(VAL_CN); - } else { - if (c_cn.equals("true")) { - v.addElement(VAL_CN); - } - } - String c_ou3 = getConfig(CONFIG_OU3); - if (c_ou3 == null || c_ou3.equals("")) { - v.addElement(VAL_OU3); - } else { - if (c_ou3.equals("true")) { - v.addElement(VAL_OU3); - } - } - String c_ou2 = getConfig(CONFIG_OU2); - if (c_ou2 == null || c_ou2.equals("")) { - v.addElement(VAL_OU2); - } else { - if (c_ou2.equals("true")) { - v.addElement(VAL_OU2); - } - } - String c_ou1 = getConfig(CONFIG_OU1); - if (c_ou1 == null || c_ou1.equals("")) { - v.addElement(VAL_OU1); - } else { - if (c_ou1.equals("true")) { - v.addElement(VAL_OU1); - } - } - String c_ou = getConfig(CONFIG_OU); - if (c_ou == null || c_ou.equals("")) { - v.addElement(VAL_OU); - } else { - if (c_ou.equals("true")) { - v.addElement(VAL_OU); - } - } - String c_o = getConfig(CONFIG_O); - if (c_o == null || c_o.equals("")) { - v.addElement(VAL_O); - } else { - if 
(c_o.equals("true")) { - v.addElement(VAL_O); - } - } - String c_c = getConfig(CONFIG_C); - if (c_c == null || c_c.equals("")) { - v.addElement(VAL_C); - } else { - if (c_c.equals("true")) { - v.addElement(VAL_C); - } - } - return v.elements(); + Vector v = new Vector(); + String c_uid = getConfig(CONFIG_UID); + if (c_uid == null || c_uid.equals("")) { + v.addElement(VAL_UID); // default case + } else { + if (c_uid.equals("true")) { + v.addElement(VAL_UID); + } + } + String c_email = getConfig(CONFIG_EMAIL); + if (c_email == null || c_email.equals("")) { + v.addElement(VAL_EMAIL); + } else { + if (c_email.equals("true")) { + v.addElement(VAL_EMAIL); + } + } + String c_cn = getConfig(CONFIG_CN); + if (c_cn == null || c_cn.equals("")) { + v.addElement(VAL_CN); + } else { + if (c_cn.equals("true")) { + v.addElement(VAL_CN); + } + } + String c_ou3 = getConfig(CONFIG_OU3); + if (c_ou3 == null || c_ou3.equals("")) { + v.addElement(VAL_OU3); + } else { + if (c_ou3.equals("true")) { + v.addElement(VAL_OU3); + } + } + String c_ou2 = getConfig(CONFIG_OU2); + if (c_ou2 == null || c_ou2.equals("")) { + v.addElement(VAL_OU2); + } else { + if (c_ou2.equals("true")) { + v.addElement(VAL_OU2); + } + } + String c_ou1 = getConfig(CONFIG_OU1); + if (c_ou1 == null || c_ou1.equals("")) { + v.addElement(VAL_OU1); + } else { + if (c_ou1.equals("true")) { + v.addElement(VAL_OU1); + } + } + String c_ou = getConfig(CONFIG_OU); + if (c_ou == null || c_ou.equals("")) { + v.addElement(VAL_OU); + } else { + if (c_ou.equals("true")) { + v.addElement(VAL_OU); + } + } + String c_o = getConfig(CONFIG_O); + if (c_o == null || c_o.equals("")) { + v.addElement(VAL_O); + } else { + if (c_o.equals("true")) { + v.addElement(VAL_O); + } + } + String c_c = getConfig(CONFIG_C); + if (c_c == null || c_c.equals("")) { + v.addElement(VAL_C); + } else { + if (c_c.equals("true")) { + v.addElement(VAL_C); + } + } + return v.elements(); } /** * Populates the request with this policy default. 
*/ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; String uid = ctx.get(VAL_UID); @@ -270,8 +266,8 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } if (subjectName.equals("")) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; @@ -279,10 +275,10 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { name = new X500Name(subjectName); } catch (Exception e) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -374,13 +370,13 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java index 52df2d418..984706f42 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java 
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -30,16 +29,15 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the submitter information - * input that collects certificate requestor's + * input that collects certificate requestor's * information such as name, email and phone. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubmitterInfoInput extends EnrollInput implements IProfileInput { +public class SubmitterInfoInput extends EnrollInput implements IProfileInput { public static final String NAME = "requestor_name"; public static final String EMAIL = "requestor_email"; @@ -55,7 +53,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -77,7 +75,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java index 64988fed3..3c6067891 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; 
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the certificate request input from TPS. * This input populates 2 main fields to the enrollment "page": * 1/ token cuid, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_TOKEN_CUID = "tokencuid"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -80,66 +77,65 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } - /* - * Pretty print token cuid - */ - public String toPrettyPrint(String cuid) - { - if (cuid == null) - return null; - - if (cuid.length() != 20) - return null; - - StringBuffer sb = new StringBuffer(); - for (int i=0; i < cuid.length(); i++) { - if (i == 4 || i == 8 || i == 12 || i == 16) { - sb.append("-"); - } - sb.append(cuid.charAt(i)); - } - return sb.toString(); - } + /* + * Pretty print token cuid + */ + public String toPrettyPrint(String cuid) { + if (cuid == null) + return null; + + if (cuid.length() != 20) + return null; + + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < cuid.length(); i++) { + if (i == 4 || i == 8 || i == 12 || i == 16) { + sb.append("-"); + } + sb.append(cuid.charAt(i)); + } + return sb.toString(); + } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String tcuid = ctx.get(VAL_TOKEN_CUID); - // pretty print tcuid - String prettyPrintCuid = toPrettyPrint(tcuid); - if (prettyPrintCuid == null) { + // pretty print tcuid + String prettyPrintCuid = toPrettyPrint(tcuid); + if (prettyPrintCuid == null) { throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); - } + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); + } - request.setExtData("pretty_print_tokencuid", prettyPrintCuid); + request.setExtData("pretty_print_tokencuid", prettyPrintCuid); String pk = ctx.get(VAL_PUBLIC_KEY); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (tcuid == null) { - CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + - ""); + 
CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); } if (pk == null) { - CMS.debug("nsHKeyCertReqInput: populate - public key not found " + - ""); + CMS.debug("nsHKeyCertReqInput: populate - public key not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); + mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -152,12 +148,12 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); } else if (name.equals(VAL_PUBLIC_KEY)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java index 58984c6c3..196798683 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; - import java.util.Locale; import netscape.security.x509.X509CertInfo; 
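Review bot: In the `@@ -80,66 +77,65 @@` hunk, `populate` throws as soon as `toPrettyPrint(tcuid)` returns null, and `toPrettyPrint` already returns null for a null argument, so the later `if (tcuid == null)` branch and its `CMS.debug` line can never run; a missing or wrong-length CUID is rejected without any log entry. Moving the null test and its debug line above the `toPrettyPrint` call restores the logging. `toPrettyPrint` also accepts any 20 characters: if the token CUID is meant to be hexadecimal (an assumption, the hunk does not say), a check such as `if (!cuid.matches("[0-9A-Fa-f]{20}")) return null;` would keep arbitrary request text out of `pretty_print_tokencuid` and out of the `fillNSHKEY` call. The local `StringBuffer` can be a `StringBuilder`.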
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the certificate request input from TPS. * This input populates 2 main fields to the enrollment "page": * 1/ id, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for - * certificate requests coming from TPS. - * + * This input usually is used by an enrollment profile for certificate requests coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_SN = "screenname"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; 
@@ -84,30 +81,30 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String sn = ctx.get(VAL_SN); String pk = ctx.get(VAL_PUBLIC_KEY); X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (sn == null) { - CMS.debug("nsNKeyCertReqInput: populate - id not found " + - ""); + CMS.debug("nsNKeyCertReqInput: populate - id not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_ID", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_ID", + "")); } if (pk == null) { - CMS.debug("nsNKeyCertReqInput: populate - public key not found " + - ""); + CMS.debug("nsNKeyCertReqInput: populate - public key not found " + + ""); throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); + mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -120,12 +117,12 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); } else if (name.equals(VAL_PUBLIC_KEY)) { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } 
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java index 999bdc67e..2253460b1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the output plugin that outputs * CMMF response for the issued certificate. - * + * * @version $Revision$, $Date$ */ -public class CMMFOutput extends EnrollOutput implements IProfileOutput { +public class CMMFOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_CMMF_RESPONSE = "cmmf_response"; @@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -88,7 +86,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** 
@@ -99,61 +97,61 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_CMMF_RESPONSE)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CMMF_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CMMF_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_CMMF_RESPONSE)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - byte[][] caPubs = new byte[cacerts.length][]; - - for (int j = 0; j < cacerts.length; j++) { - caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); - } - - CertRepContent certRepContent = null; - certRepContent = new CertRepContent(caPubs); - - PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); - CertResponse resp = - new CertResponse(new INTEGER(request.getRequestId().toString()), - status, certifiedKP); - certRepContent.addCertResponse(resp); - - ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); - certRepContent.encode(certRepOut); - byte[] 
certRepBytes = certRepOut.toByteArray(); - - return CMS.BtoA(certRepBytes); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + byte[][] caPubs = new byte[cacerts.length][]; + + for (int j = 0; j < cacerts.length; j++) { + caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); + } + + CertRepContent certRepContent = null; + certRepContent = new CertRepContent(caPubs); + + PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); + CertResponse resp = + new CertResponse(new INTEGER(request.getRequestId().toString()), + status, certifiedKP); + certRepContent.addCertResponse(resp); + + ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); + certRepContent.encode(certRepOut); + byte[] certRepBytes = certRepOut.toByteArray(); + + return CMS.BtoA(certRepBytes); } catch (Exception e) { - return null; + return null; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java index 7a2631da4..1293c055c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; 
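Review bot: In the `@@ -99,61 +97,61 @@` hunk, the `VAL_PRETTY_CERT` branch of `getValue` hands `cert` to `CMS.getCertPrettyPrint` without the null test that the `VAL_CMMF_RESPONSE` branch and the `CertOutput` hunk both have, so a request with no issued certificate may fail with a NullPointerException instead of returning null; add `if (cert == null) return null;` after the `getExtDataInCert` call. The `catch (Exception e) { return null; }` around the CMMF encoding also discards the exception without a log line, and the same pattern (returning `""`, which differs from the null returned when `cert` is null) appears in the `PKCS7Output.getValue` and `nsNKeyOutput.getValue` hunks. A `CMS.debug("CMMFOutput: getValue " + e.toString());` before the return would make encoding failures diagnosable. `getValue` closes outside this hunk.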
@@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the pretty print certificate output * that displays the issued certificate in a pretty print format. - * + * * @version $Revision$, $Date$ */ -public class CertOutput extends EnrollOutput implements IProfileOutput { +public class CertOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_B64_CERT = "b64_cert"; @@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -76,7 +74,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** 
@@ -87,25 +85,25 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_B64_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_B64_CERT)) { @@ -113,7 +111,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - return CMS.getEncodedCert(cert); + return CMS.getEncodedCert(cert); } else { return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java index 5e3f077b2..25a4b4908 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Enumeration; import java.util.Locale; import java.util.Vector; 
@@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; - /** * This class implements the basic enrollment output. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollOutput implements IProfileOutput { +public abstract class EnrollOutput implements IProfileOutput { private IConfigStore mConfig = null; private Vector<String> mValueNames = new Vector<String>(); protected Vector<String> mConfigNames = new Vector<String>(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -60,28 +58,27 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** * Retrieves the descriptor of the given value * parameter by name. - * + * * @param locale user locale * @param name property name * @return property descriptor */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); - /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return output policy name */ @@ -89,7 +86,7 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return output policy description */ @@ -103,7 +100,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } 
@@ -111,7 +108,7 @@ public abstract class EnrollOutput implements IProfileOutput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } @@ -124,7 +121,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public void setConfig(String name, String value) - throws EPropertyException { + throws EPropertyException { } public String getConfig(String name) { diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java index 657184813..0e01e15dd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the output plugin that outputs * PKCS7 for the issued certificate. - * + * * @version $Revision$, $Date$ */ -public class PKCS7Output extends EnrollOutput implements IProfileOutput { +public class PKCS7Output extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_PKCS7 = "pkcs7"; @@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } 
@@ -85,7 +83,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** 
@@ -96,61 +94,61 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { if (name.equals(VAL_PRETTY_CERT)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_PKCS7)) { return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_PKCS7_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_PKCS7_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { X509CertImpl cert = request.getExtDataInCert( EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + return null; + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_PKCS7)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; - int m = 1, n = 0; - - for (; n < cacerts.length; m++, n++) { - userChain[m] = (X509CertImpl) cacerts[n]; - } - - userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos); - byte[] p7Bytes = bos.toByteArray(); - String p7Str = CMS.BtoA(p7Bytes); - - return p7Str; + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + 
ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; + int m = 1, n = 0; + + for (; n < cacerts.length; m++, n++) { + userChain[m] = (X509CertImpl) cacerts[n]; + } + + userChain[0] = cert; + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos); + byte[] p7Bytes = bos.toByteArray(); + String p7Str = CMS.BtoA(p7Bytes); + + return p7Str; } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java index 90aa40a14..6bf03f436 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; - import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements the output plugin that outputs * DER for the issued certificate for token keys - * + * * @version $Revision$, $Date$ */ -public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { +public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_DER = "der"; 
@@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -74,7 +72,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** @@ -85,24 +83,24 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { if (name.equals(VAL_DER)) { return new Descriptor("der_b64", null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_DER_B64")); + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_DER_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_DER)) { try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.BtoA(cert.getEncoded()); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + return CMS.BtoA(cert.getEncoded()); } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java index 69803421a..928e36c2b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java 
@@ -58,7 +58,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { private Vector mValueNames = new Vector(); private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********"; private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown"; private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; @@ -67,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { public SubsystemGroupUpdater() { } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { mConfig = config; mProfile = profile; mEnrollProfile = (EnrollProfile) profile; @@ -82,8 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return null; } - public void setConfig(String name, String value) - throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -108,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return mConfig; } - public void update(IRequest req, RequestStatus status) - throws EProfileException { + public void update(IRequest req, RequestStatus status) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -124,33 +124,34 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; IConfigStore mainConfig = CMS.getConfigStore(); - - int num=0; + + int num = 0; try { num = mainConfig.getInteger("subsystem.count", 0); - } catch (Exception e) {} + } catch (Exception e) { + } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String requestor_name = "subsystem"; try { - requestor_name = req.getExtDataInString("requestor_name"); + requestor_name = req.getExtDataInString("requestor_name"); } catch (Exception e1) { - // ignore + // ignore } // i.e. tps-1.2.3.4-4 String id = requestor_name; - + num++; mainConfig.putInteger("subsystem.count", num); - + try { mainConfig.commit(false); } catch (Exception e) { } String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + + "+Resource;;" + id + "+fullname;;" + id + "+state;;1" + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; @@ -196,8 +197,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;"+ id + - "+cert;;"+ b64; + "+Resource;;" + id + + "+cert;;" + b64; system.addUserCert(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate"); @@ -216,7 +217,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater { ILogger.FAILURE, auditParams); audit(auditMessage); - throw new EProfileException(e.toString()); + throw new EProfileException(e.toString()); } } catch (Exception e) { CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString()); 
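Review bot: In the `@@ -124,33 +124,34 @@` hunk, `id` comes from `req.getExtDataInString("requestor_name")` and is concatenated unescaped into `auditParams`, whose fields are separated by `;;` and `+`; the value appears to be requester-supplied, and a name containing those delimiters would make the signed audit record ambiguous. Validating it before use, for example `if (id == null || !id.matches("[A-Za-z0-9._-]+")) throw new EProfileException("invalid requestor_name");` (the pattern is a sketch based on the `tps-1.2.3.4-4` example in the comment), keeps the record parseable and also covers a null return, which the `catch` around the lookup would not. The two empty `catch (Exception e)` blocks around `subsystem.count` and `mainConfig.commit(false)` deserve at least a `CMS.debug` line, since a failed commit otherwise leaves no trace. `update` begins and ends outside this hunk.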
@@ -232,17 +233,17 @@ public class SubsystemGroupUpdater implements IProfileUpdater { IGroup group = null; String groupName = "Subsystem Group"; auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + - "+Resource;;"+ groupName; + "+Resource;;" + groupName; try { group = system.getGroupFromName(groupName); - + auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } @@ -287,10 +288,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } private String auditSubjectID() { |