diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile')
91 files changed, 0 insertions, 24178 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java deleted file mode 100644 index 696d0cd13..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ /dev/null @@ -1,1171 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthSubsystem; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileAuthenticator; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.profile.IProfilePolicy; -import com.netscape.certsrv.profile.IProfileSubsystem; -import com.netscape.certsrv.profile.IProfileUpdater; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.registry.IPluginInfo; -import com.netscape.certsrv.registry.IPluginRegistry; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestStatus; - -/** - * This class implements a basic profile. - * - * @version $Revision$, $Date$ - */ -public abstract class BasicProfile implements IProfile { - - public static final String PROP_ENABLE = "enable"; - public static final String PROP_ENABLE_BY = "enableBy"; - public static final String PROP_IS_RENEWAL = "renewal"; - public static final String PROP_XML_OUTPUT = "xmlOutput"; - public static final String PROP_VISIBLE = "visible"; - public static final String PROP_INPUT_LIST = "list"; - public static final String PROP_OUTPUT_LIST = "list"; - public static final String PROP_UPDATER_LIST = "list"; - public static final String PROP_POLICY_LIST = "list"; - public static final String PROP_DEFAULT = "default"; - public static final String PROP_CONSTRAINT = "constraint"; - public static final String PROP_INPUT = "input"; - public static final String PROP_OUTPUT = "output"; - public static final String PROP_CLASS_ID = "class_id"; - public static final String PROP_INSTANCE_ID = "instance_id"; - public static final String PROP_PARAMS = "params"; - public static final String PROP_NAME = "name"; - public static final String PROP_DESC = "desc"; - public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; - - protected IProfileSubsystem mOwner = null; - protected IConfigStore mConfig = null; - protected IPluginRegistry mRegistry = null; - - protected Vector<String> mInputNames = new Vector<String>(); - protected Hashtable<String, IProfileInput> mInputs = new Hashtable<String, IProfileInput>(); - protected Vector<String> mInputIds = new Vector<String>(); - protected Hashtable<String, IProfileOutput> mOutputs = new Hashtable<String, IProfileOutput>(); - protected Vector<String> mOutputIds = new Vector<String>(); - protected Hashtable<String, IProfileUpdater> mUpdaters = new Hashtable<String, IProfileUpdater>(); - protected Vector<String> mUpdaterIds = new Vector<String>(); - protected IProfileAuthenticator mAuthenticator = null; - protected String mAuthInstanceId = null; - protected String mId = null; - protected String mAuthzAcl = ""; - - protected Hashtable<String, Vector<ProfilePolicy>> mPolicySet = new Hashtable<String, Vector<ProfilePolicy>>(); - - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - - public BasicProfile() { - } - - public boolean isEnable() { - try { - return mConfig.getBoolean(PROP_ENABLE, false); - } catch (EBaseException e) { - return false; - } - } - - public String isRenewal() { - try { - return mConfig.getString(PROP_IS_RENEWAL, "false"); - } catch (EBaseException e) { - return "false"; - } - } - - public String isXmlOutput() { - try { - return mConfig.getString(PROP_XML_OUTPUT, "false"); - } catch (EBaseException e) { - return "false"; - } - } - - public String getApprovedBy() { - try { - return mConfig.getString(PROP_ENABLE_BY, ""); - } catch (EBaseException e) { - return ""; - } - } - - public void setId(String id) { - mId = id; - } - - public String getId() { - return mId; - } - - public IProfileAuthenticator getAuthenticator() throws EProfileException { - try { - IAuthSubsystem authSub = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - IProfileAuthenticator auth = (IProfileAuthenticator) - authSub.get(mAuthInstanceId); - - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + - mAuthInstanceId); - } - return auth; - } catch (Exception e) { - if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + - mAuthInstanceId); - } - return null; - } - } - - public String getRequestorDN(IRequest request) { - return null; - } - - public String getAuthenticatorId() { - return mAuthInstanceId; - } - - public void setAuthenticatorId(String id) { - mAuthInstanceId = id; - mConfig.putString("auth." + PROP_INSTANCE_ID, id); - } - - public String getAuthzAcl() { - return mAuthzAcl; - } - - /** - * Initializes this profile. - */ - public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { - CMS.debug("BasicProfile: start init"); - mOwner = owner; - mConfig = config; - - mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); - - // Configure File Formats: - // visible - // auth.class_id=NoAuthImpl - // auth.params.x1=x1 - // input.list=i1,i2,... - // input.i1.class=com.netscape.cms.profile.input.CertReqInput - // input.i1.params.x1=x1 - // policy.list=p1,p2,... - // policy.p1.enable=true - // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName - // policy.p1.default.params.x1=x1 - // policy.p1.default.params.x2=x2 - // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange - // policy.p1.constraint.params.x1=x1 - // policy.p1.constraint.params.x2=x2 - - // handle profile authentication plugins - try { - mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null); - mAuthzAcl = config.getString("authz.acl", ""); - } catch (EBaseException e) { - CMS.debug("BasicProfile: authentication class not found " + - e.toString()); - } - - // handle profile input plugins - IConfigStore inputStore = config.getSubStore("input"); - String input_list = inputStore.getString(PROP_INPUT_LIST, ""); - StringTokenizer input_st = new StringTokenizer(input_list, ","); - - while (input_st.hasMoreTokens()) { - String input_id = input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." + - PROP_CLASS_ID); - IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", - inputClassId); - String inputClass = inputInfo.getClassName(); - - IProfileInput input = null; - - try { - input = (IProfileInput) - Class.forName(inputClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " + - inputClass + " " + e.toString()); - throw new EBaseException(e.toString()); - } - IConfigStore inputConfig = inputStore.getSubStore(input_id); - input.init(this, inputConfig); - mInputs.put(input_id, input); - mInputIds.addElement(input_id); - } - - // handle profile output plugins - IConfigStore outputStore = config.getSubStore("output"); - String output_list = outputStore.getString(PROP_OUTPUT_LIST, ""); - StringTokenizer output_st = new StringTokenizer(output_list, ","); - - while (output_st.hasMoreTokens()) { - String output_id = output_st.nextToken(); - - String outputClassId = outputStore.getString(output_id + "." + - PROP_CLASS_ID); - IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", - outputClassId); - String outputClass = outputInfo.getClassName(); - - IProfileOutput output = null; - - try { - output = (IProfileOutput) - Class.forName(outputClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " + - outputClass + " " + e.toString()); - throw new EBaseException(e.toString()); - } - IConfigStore outputConfig = outputStore.getSubStore(output_id); - output.init(this, outputConfig); - mOutputs.put(output_id, output); - mOutputIds.addElement(output_id); - } - - // handle profile output plugins - IConfigStore updaterStore = config.getSubStore("updater"); - String updater_list = updaterStore.getString(PROP_UPDATER_LIST, ""); - StringTokenizer updater_st = new StringTokenizer(updater_list, ","); - - while (updater_st.hasMoreTokens()) { - String updater_id = updater_st.nextToken(); - - String updaterClassId = updaterStore.getString(updater_id + "." + - PROP_CLASS_ID); - IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", - updaterClassId); - String updaterClass = updaterInfo.getClassName(); - - IProfileUpdater updater = null; - - try { - updater = (IProfileUpdater) - Class.forName(updaterClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " + - updaterClass + " " + e.toString()); - throw new EBaseException(e.toString()); - } - IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); - updater.init(this, updaterConfig); - mUpdaters.put(updater_id, updater); - mUpdaterIds.addElement(updater_id); - } - - // handle profile policy plugins - IConfigStore policySetStore = config.getSubStore("policyset"); - String setlist = policySetStore.getString("list", ""); - StringTokenizer st = new StringTokenizer(setlist, ","); - - while (st.hasMoreTokens()) { - String setId = st.nextToken(); - - IConfigStore policyStore = policySetStore.getSubStore(setId); - String list = policyStore.getString(PROP_POLICY_LIST, ""); - StringTokenizer st1 = new StringTokenizer(list, ","); - - while (st1.hasMoreTokens()) { - String id = st1.nextToken(); - - String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." + - PROP_CLASS_ID); - - String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = - policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); - - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); - } - } - CMS.debug("BasicProfile: done init"); - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - public Enumeration<String> getInputNames() { - return mInputNames.elements(); - } - - public Enumeration<String> getProfileUpdaterIds() { - return mUpdaterIds.elements(); // ordered list - } - - public IProfileUpdater getProfileUpdater(String name) { - return mUpdaters.get(name); - } - - public Enumeration<String> getProfileOutputIds() { - return mOutputIds.elements(); // ordered list - } - - public IProfileOutput getProfileOutput(String name) { - return mOutputs.get(name); - } - - public Enumeration<String> getProfileInputIds() { - return mInputIds.elements(); // ordered list - } - - public IProfileInput getProfileInput(String name) { - return mInputs.get(name); - } - - public void addInputName(String name) { - mInputNames.addElement(name); - } - - public IDescriptor getInputDescriptor(String name) { - return null; - } - - public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { - return null; - } - - public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { - } - - public Enumeration<String> getProfilePolicySetIds() { - return mPolicySet.keys(); - } - - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - if (policies == null) { - return; - } - try { - IConfigStore policySetSubStore = mConfig.getSubStore("policyset"); - IConfigStore policySubStore = policySetSubStore.getSubStore(setId); - - policySubStore.removeSubStore(policyId); - String list = policySubStore.getString(PROP_POLICY_LIST, null); - StringTokenizer st = new StringTokenizer(list, ","); - String newlist = ""; - StringBuffer sb = new StringBuffer(); - - while (st.hasMoreTokens()) { - String e = st.nextToken(); - - if (!e.equals(policyId)) { - sb.append(e); - sb.append(","); - } - } - newlist = sb.toString(); - if (!newlist.equals("")) { - newlist = newlist.substring(0, newlist.length() - 1); - policySubStore.putString(PROP_POLICY_LIST, newlist); - } else { - policySetSubStore.removeSubStore(setId); - } - - int size = policies.size(); - - for (int i = 0; i < size; i++) { - ProfilePolicy policy = policies.elementAt(i); - String id = policy.getId(); - - if (id.equals(policyId)) { - policies.removeElementAt(i); - if (size == 1) { - mPolicySet.remove(setId); - String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null); - StringTokenizer st1 = new StringTokenizer(setlist, ","); - String newlist1 = ""; - - while (st1.hasMoreTokens()) { - String e = st1.nextToken(); - - if (!e.equals(setId)) - newlist1 = newlist1 + e + ","; - } - if (!newlist1.equals("")) - newlist1 = newlist1.substring(0, newlist1.length() - 1); - policySetSubStore.putString(PROP_POLICY_LIST, newlist1); - } - break; - } - } - - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - mConfig.commit(false); - } catch (Exception e) { - } - - } - - public void deleteProfileInput(String inputId) throws EProfileException { - try { - mConfig.removeSubStore("input." + inputId); - String list = mConfig.getString("input." + PROP_INPUT_LIST, null); - StringTokenizer st = new StringTokenizer(list, ","); - String newlist = ""; - StringBuffer sb = new StringBuffer(); - - while (st.hasMoreTokens()) { - String e = st.nextToken(); - - if (!e.equals(inputId)) { - sb.append(e); - sb.append(","); - } - } - newlist = sb.toString(); - if (!newlist.equals("")) - newlist = newlist.substring(0, newlist.length() - 1); - - int size = mInputIds.size(); - - for (int i = 0; i < size; i++) { - String id = mInputIds.elementAt(i); - - if (id.equals(inputId)) { - mInputIds.removeElementAt(i); - break; - } - } - - mInputs.remove(inputId); - mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - mConfig.commit(false); - } catch (Exception e) { - } - } - - public void deleteProfileOutput(String outputId) throws EProfileException { - try { - mConfig.removeSubStore("output." + outputId); - String list = mConfig.getString("output." + PROP_OUTPUT_LIST, null); - StringTokenizer st = new StringTokenizer(list, ","); - String newlist = ""; - StringBuffer sb = new StringBuffer(); - - while (st.hasMoreTokens()) { - String e = st.nextToken(); - - if (!e.equals(outputId)) { - sb.append(e); - sb.append(","); - } - } - newlist = sb.toString(); - if (!newlist.equals("")) - newlist = newlist.substring(0, newlist.length() - 1); - - int size = mOutputIds.size(); - - for (int i = 0; i < size; i++) { - String id = mOutputIds.elementAt(i); - - if (id.equals(outputId)) { - mOutputIds.removeElementAt(i); - break; - } - } - - mOutputs.remove(outputId); - mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - mConfig.commit(false); - } catch (Exception e) { - } - } - - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); - } - - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) - - throws EProfileException { - IConfigStore outputStore = mConfig.getSubStore("output"); - - IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", - outputId); - - if (outputInfo == null) { - CMS.debug("Cannot find " + outputId); - throw new EProfileException("Cannot find " + outputId); - } - String outputClass = outputInfo.getClassName(); - - CMS.debug("BasicProfile: loading output class " + outputClass); - IProfileOutput output = null; - - try { - output = (IProfileOutput) - Class.forName(outputClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug(e.toString()); - } - if (output == null) { - CMS.debug("BasicProfile: failed to create " + outputClass); - } else { - CMS.debug("BasicProfile: initing " + id + " output"); - - CMS.debug("BasicProfile: outputStore " + outputStore); - output.init(this, outputStore); - - mOutputs.put(id, output); - mOutputIds.addElement(id); - } - - if (createConfig) { - String list = null; - - try { - list = outputStore.getString(PROP_OUTPUT_LIST, null); - } catch (EBaseException e) { - } - if (list == null || list.equals("")) { - outputStore.putString(PROP_OUTPUT_LIST, id); - } else { - StringTokenizer st1 = new StringTokenizer(list, ","); - - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - - if (pid.equals(id)) { - throw new EProfileException("Duplicate output id: " + id); - } - } - outputStore.putString(PROP_OUTPUT_LIST, list + "," + id); - } - String prefix = id + "."; - - outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); - outputStore.putString(prefix + "class_id", outputId); - - for (String name : nvps.keySet()) { - - outputStore.putString(prefix + "params." + name, nvps.get(name)); - try { - if (output != null) { - output.setConfig(name, nvps.get(name)); - } - } catch (EBaseException e) { - CMS.debug(e.toString()); - } - } - - try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - mConfig.commit(false); - } catch (EBaseException e) { - CMS.debug(e.toString()); - } - } - - return output; - } - - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) - throws EProfileException { - return createProfileInput(id, inputId, nvps, true); - } - - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) - throws EProfileException { - IConfigStore inputStore = mConfig.getSubStore("input"); - - IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", - inputId); - - if (inputInfo == null) { - CMS.debug("Cannot find " + inputId); - throw new EProfileException("Cannot find " + inputId); - } - String inputClass = inputInfo.getClassName(); - - CMS.debug("BasicProfile: loading input class " + inputClass); - IProfileInput input = null; - - try { - input = (IProfileInput) - Class.forName(inputClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug(e.toString()); - } - if (input == null) { - CMS.debug("BasicProfile: failed to create " + inputClass); - } else { - CMS.debug("BasicProfile: initing " + id + " input"); - - CMS.debug("BasicProfile: inputStore " + inputStore); - input.init(this, inputStore); - - mInputs.put(id, input); - mInputIds.addElement(id); - } - - if (createConfig) { - String list = null; - - try { - list = inputStore.getString(PROP_INPUT_LIST, null); - } catch (EBaseException e) { - } - if (list == null || list.equals("")) { - inputStore.putString(PROP_INPUT_LIST, id); - } else { - StringTokenizer st1 = new StringTokenizer(list, ","); - - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - - if (pid.equals(id)) { - throw new EProfileException("Duplicate input id: " + id); - } - } - inputStore.putString(PROP_INPUT_LIST, list + "," + id); - } - String prefix = id + "."; - - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); - inputStore.putString(prefix + "class_id", inputId); - - for (String name : nvps.keySet()) { - - inputStore.putString(prefix + "params." + name, nvps.get(name)); - try { - if (input != null) { - input.setConfig(name, nvps.get(name)); - } - } catch (EBaseException e) { - CMS.debug(e.toString()); - } - } - - try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - mConfig.commit(false); - } catch (EBaseException e) { - CMS.debug(e.toString()); - } - } - - return input; - } - - /** - * Creates a profile policy - */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, - constraintClassId, true); - } - - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) - throws EProfileException { - - // String setId ex: policyset.set1 - // String id Id of policy : examples: p1,p2,p3 - // String defaultClassId : id of the default plugin ex: validityDefaultImpl - // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl - // boolean createConfig : true : being called from the console. false: being called from server startup code - - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - IConfigStore policyStore = mConfig.getSubStore("policyset." + setId); - if (policies == null) { - policies = new Vector<ProfilePolicy>(); - mPolicySet.put(setId, policies); - if (createConfig) { - // re-create policyset.list - StringBuffer setlist = new StringBuffer(); - Enumeration<String> keys = mPolicySet.keys(); - - while (keys.hasMoreElements()) { - String k = keys.nextElement(); - - if (!(setlist.toString()).equals("")) { - setlist.append(","); - } - setlist.append(k); - } - mConfig.putString("policyset.list", setlist.toString()); - } - } else { - String ids = null; - - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } - - if (ids == null) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); - return null; - } - - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; - - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " + id); - } - } - } - } - } - - // Now make sure we aren't trying to add a policy that already exists - IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; - try { - setlist = policySetStore.getString("list", ""); - } catch (Exception e) { - } - StringTokenizer st = new StringTokenizer(setlist, ","); - - int matches = 0; - while (st.hasMoreTokens()) { - String sId = st.nextToken(); - - //Only search the setId set. Ex: encryptionCertSet - if (!sId.equals(setId)) { - continue; - } - IConfigStore pStore = policySetStore.getSubStore(sId); - - String list = null; - try { - list = pStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception e) { - CMS.debug("WARNING, can't get policy id list!"); - } - - StringTokenizer st1 = new StringTokenizer(list, ","); - - while (st1.hasMoreTokens()) { - String curId = st1.nextToken(); - - String defaultRoot = curId + "." + PROP_DEFAULT; - String curDefaultClassId = null; - try { - curDefaultClassId = pStore.getString(defaultRoot + "." + - PROP_CLASS_ID); - } catch (Exception e) { - CMS.debug("WARNING, can't get default plugin id!"); - } - - //Disallow duplicate defaults with the following exceptions: - // noDefaultImpl, genericExtDefaultImpl - - if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && - !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) { - - matches++; - if (createConfig) { - if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " - + defaultClassId + ":" + constraintClassId); - } - } else { - if (matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId + ":" + constraintClassId + - " Contact System Administrator."); - } - } - } - } - } - - String defaultRoot = id + "." + PROP_DEFAULT; - String constraintRoot = id + "." + PROP_CONSTRAINT; - IPluginInfo defInfo = mRegistry.getPluginInfo("defaultPolicy", - defaultClassId); - - if (defInfo == null) { - CMS.debug("BasicProfile: Cannot find " + defaultClassId); - throw new EProfileException("Cannot find " + defaultClassId); - } - String defaultClass = defInfo.getClassName(); - - CMS.debug("BasicProfile: loading default class " + defaultClass); - IPolicyDefault def = null; - - try { - def = (IPolicyDefault) - Class.forName(defaultClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug("BasicProfile: default policy " + - defaultClass + " " + e.toString()); - } - if (def == null) { - CMS.debug("BasicProfile: failed to create " + defaultClass); - } else { - IConfigStore defStore = null; - - defStore = policyStore.getSubStore(defaultRoot); - def.init(this, defStore); - } - - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", - constraintClassId); - String constraintClass = conInfo.getClassName(); - IPolicyConstraint constraint = null; - - try { - constraint = (IPolicyConstraint) - Class.forName(constraintClass).newInstance(); - } catch (Exception e) { - // throw Exception - CMS.debug("BasicProfile: constraint policy " + - constraintClass + " " + e.toString()); - } - ProfilePolicy policy = null; - if (constraint == null) { - CMS.debug("BasicProfile: failed to create " + constraintClass); - } else { - IConfigStore conStore = null; - - conStore = policyStore.getSubStore(constraintRoot); - constraint.init(this, conStore); - policy = new ProfilePolicy(id, def, constraint); - policies.addElement(policy); - } - - if (createConfig) { - String list = null; - - try { - list = policyStore.getString(PROP_POLICY_LIST, null); - } catch (EBaseException e) { - } - if (list == null || list.equals("")) { - policyStore.putString(PROP_POLICY_LIST, id); - } else { - policyStore.putString(PROP_POLICY_LIST, list + "," + id); - } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", - defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); - try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); - policyStore.commit(false); - } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " + - e.toString()); - } - } - - return policy; - } - - public IProfilePolicy getProfilePolicy(String setId, String id) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - if (policies == null) - return null; - - for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = policies.elementAt(i); - - if (policy.getId().equals(id)) { - return policy; - } - } - return null; - } - - public boolean isVisible() { - try { - return mConfig.getBoolean(PROP_VISIBLE, false); - } catch (EBaseException e) { - return false; - } - } - - public void setVisible(boolean v) { - mConfig.putBoolean(PROP_VISIBLE, v); - } - - /** - * Returns the profile name. - */ - public String getName(Locale locale) { - try { - return mConfig.getString(PROP_NAME, ""); - } catch (EBaseException e) { - return ""; - } - } - - public void setName(Locale locale, String name) { - mConfig.putString(PROP_NAME, name); - } - - public abstract IProfileContext createContext(); - - /** - * Creates request. - */ - public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; - - /** - * Returns the profile description. - */ - public String getDescription(Locale locale) { - try { - return mConfig.getString(PROP_DESC, ""); - } catch (EBaseException e) { - return ""; - } - } - - public void setDescription(Locale locale, String desc) { - mConfig.putString(PROP_DESC, desc); - } - - public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { - Enumeration<String> ids = getProfileInputIds(); - - while (ids.hasMoreElements()) { - String id = ids.nextElement(); - IProfileInput input = getProfileInput(id); - - input.populate(ctx, request); - } - } - - public Vector<ProfilePolicy> getPolicies(String setId) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - return policies; - } - - /** - * Passes the request to the set of default policies that - * populate the profile information against the profile. - */ - public void populate(IRequest request) - throws EProfileException { - String setId = getPolicySetId(request); - Vector<ProfilePolicy> policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid =" + setId); - - for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = policies.elementAt(i); - - policy.getDefault().populate(request); - } - } - - /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. - */ - public void validate(IRequest request) - throws ERejectException { - String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId=" + setId); - Vector<ProfilePolicy> policies = getPolicies(setId); - - for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = policies.elementAt(i); - - policy.getConstraint().validate(request); - } - CMS.debug("BasicProfile: change to pending state"); - request.setRequestStatus(RequestStatus.PENDING); - CMS.debug("BasicProfile: validate end"); - } - - public Enumeration<ProfilePolicy> getProfilePolicies(String setId) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - if (policies == null) - return null; - return policies.elements(); - } - - public Enumeration<String> getProfilePolicyIds(String setId) { - Vector<ProfilePolicy> policies = mPolicySet.get(setId); - - if (policies == null) - return null; - - Vector<String> v = new Vector<String>(); - - for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = policies.elementAt(i); - - v.addElement(policy.getId()); - } - return v.elements(); - } - - public void execute(IRequest request) - throws EProfileException { - } - - /** - * Signed Audit Log - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to store messages to the signed audit log. - * <P> - * - * @param msg signed audit log message - */ - protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); - } - - /** - * Signed Audit Log Subject ID - * - * This method is inherited by all extended "BasicProfile"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. - * <P> - * - * @return id string containing the signed audit log message SubjectID - */ - protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - String subjectID = null; - - // Initialize subjectID - SessionContext auditContext = SessionContext.getExistingContext(); - - if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); - - if (subjectID != null) { - subjectID = subjectID.trim(); - } else { - subjectID = ILogger.NONROLEUSER; - } - } else { - subjectID = ILogger.UNIDENTIFIED; - } - - return subjectID; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java deleted file mode 100644 index b95b22339..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ /dev/null @@ -1,107 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfileEx; -import com.netscape.certsrv.profile.IProfilePolicy; - -/** - * This class implements a Certificate Manager enrollment - * profile for CA Certificates. - * - * @version $Revision$, $Date$ - */ -public class CACertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { - - /** - * Called after initialization. It populates default - * policies, inputs, and outputs. - */ - public void populate() throws EBaseException { - // create inputs - NameValuePairs inputParams1 = new NameValuePairs(); - createProfileInput("i1", "certReqInputImpl", inputParams1); - NameValuePairs inputParams2 = new NameValuePairs(); - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); - - // create outputs - NameValuePairs outputParams1 = new NameValuePairs(); - createProfileOutput("o1", "certOutputImpl", outputParams1); - - // create policies - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); - - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); - - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); - - // extensions - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "true"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "true"); - defConfig5.putString("params.keyUsageKeyEncipherment", "false"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); - - IProfilePolicy policy6 = - createProfilePolicy("set1", "p6", - "basicConstraintsExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def6 = policy6.getDefault(); - IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); - defConfig6.putString("params.basicConstraintsIsCA", "true"); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java deleted file mode 100644 index c03f90a4b..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ /dev/null @@ -1,242 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import java.util.Enumeration; - -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.ca.ICAService; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.connector.IConnector; -import com.netscape.certsrv.logging.AuditFormat; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IProfileUpdater; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestStatus; - -/** - * This class implements a Certificate Manager enrollment - * profile. - * - * @version $Revision$, $Date$ - */ -public class CAEnrollProfile extends EnrollProfile { - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; - - public CAEnrollProfile() { - super(); - } - - public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - - if (authority == null) - return null; - return authority; - } - - public X500Name getIssuerName() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - X500Name issuerName = ca.getX500Name(); - - return issuerName; - } - - public void execute(IRequest request) - throws EProfileException { - - long startTime = CMS.getCurrentDate().getTime(); - - if (!isEnable()) { - CMS.debug("CAEnrollProfile: Profile Not Enabled"); - throw new EProfileException("Profile Not Enabled"); - } - - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID(request); - String auditArchiveID = ILogger.UNIDENTIFIED; - - String id = request.getRequestId().toString(); - if (id != null) { - auditArchiveID = id.trim(); - } - - CMS.debug("CAEnrollProfile: execute reqId=" + - request.getRequestId().toString()); - ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); - ICAService caService = (ICAService) ca.getCAService(); - - if (caService == null) { - throw new EProfileException("No CA Service"); - } - - // if PKI Archive Option present, send this request - // to DRM - byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); - - // do not archive keys for renewal requests - if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { - PKIArchiveOptions options = (PKIArchiveOptions) - toPKIArchiveOptions(optionsData); - - if (options != null) { - CMS.debug("CAEnrollProfile: execute found " + - "PKIArchiveOptions"); - try { - IConnector kraConnector = caService.getKRAConnector(); - - if (kraConnector == null) { - CMS.debug("CAEnrollProfile: KRA connector " + - "not configured"); - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); - - } else { - CMS.debug("CAEnrollProfile: execute send request"); - kraConnector.send(request); - - // check response - if (!request.isSuccess()) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); - throw new ERejectException( - request.getError(getLocale(request))); - } - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); - } - } catch (Exception e) { - - if (e instanceof ERejectException) { - throw (ERejectException) e; - } - CMS.debug("CAEnrollProfile: " + e.toString()); - CMS.debug(e); - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditArchiveID); - - audit(auditMessage); - throw new EProfileException(e.toString()); - } - } - } - - // process certificate issuance - X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); - X509CertImpl theCert = null; - - // #615460 - added audit log (transaction) - SessionContext sc = SessionContext.getExistingContext(); - sc.put("profileId", getId()); - String setId = request.getExtDataInString("profileSetId"); - if (setId != null) { - sc.put("profileSetId", setId); - } - - try { - theCert = caService.issueX509Cert(info, getId() /* profileId */, - id /* requestId */); - } catch (EBaseException e) { - CMS.debug(e.toString()); - - throw new EProfileException(e.toString()); - } - request.setExtData(REQUEST_ISSUED_CERT, theCert); - - long endTime = CMS.getCurrentDate().getTime(); - - String initiative = AuditFormat.FROMAGENT - + " userID: " - + (String) sc.get(SessionContext.USER_ID); - String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); - - ILogger logger = CMS.getLogger(); - if (logger != null) { - logger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" + - theCert.getSerialNumber().toString(16) + - " time: " + (endTime - startTime) } - ); - } - - request.setRequestStatus(RequestStatus.COMPLETE); - - // notifies updater plugins - Enumeration<String> updaterIds = getProfileUpdaterIds(); - while (updaterIds.hasMoreElements()) { - String updaterId = updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); - } - - // set value for predicate value - checking in getRule - if (CMS.isEncryptionCert(theCert)) - request.setExtData("isEncryptionCert", "true"); - else - request.setExtData("isEncryptionCert", "false"); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java deleted file mode 100644 index d574f0f94..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ /dev/null @@ -1,1468 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.util.Date; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.security.pkcs.PKCS10; -import netscape.security.pkcs.PKCS10Attribute; -import netscape.security.pkcs.PKCS10Attributes; -import netscape.security.pkcs.PKCS9Attribute; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSerialNumber; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.Extension; -import netscape.security.x509.Extensions; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.asn1.ASN1Util; -import org.mozilla.jss.asn1.ASN1Value; -import org.mozilla.jss.asn1.INTEGER; -import org.mozilla.jss.asn1.InvalidBERException; -import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; -import org.mozilla.jss.asn1.OCTET_STRING; -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.asn1.SET; -import org.mozilla.jss.crypto.CryptoToken; -import org.mozilla.jss.pkcs10.CertificationRequest; -import org.mozilla.jss.pkcs10.CertificationRequestInfo; -import org.mozilla.jss.pkix.cmc.LraPopWitness; -import org.mozilla.jss.pkix.cmc.OtherMsg; -import org.mozilla.jss.pkix.cmc.PKIData; -import org.mozilla.jss.pkix.cmc.TaggedAttribute; -import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest; -import org.mozilla.jss.pkix.cmc.TaggedRequest; -import org.mozilla.jss.pkix.crmf.CertReqMsg; -import org.mozilla.jss.pkix.crmf.CertRequest; -import org.mozilla.jss.pkix.crmf.CertTemplate; -import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; -import org.mozilla.jss.pkix.crmf.ProofOfPossession; -import org.mozilla.jss.pkix.primitive.AVA; -import org.mozilla.jss.pkix.primitive.Attribute; -import org.mozilla.jss.pkix.primitive.Name; -import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authentication.ISharedToken; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.EPropertyNotFound; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EDeferException; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.cmsutil.util.HMACDigest; - -/** - * This class implements a generic enrollment profile. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollProfile extends BasicProfile - implements IEnrollProfile { - - private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; - - private PKIData mCMCData; - - public EnrollProfile() { - super(); - } - - public abstract IAuthority getAuthority(); - - public IRequestQueue getRequestQueue() { - IAuthority authority = getAuthority(); - - return authority.getRequestQueue(); - } - - public IProfileContext createContext() { - return new EnrollProfileContext(); - } - - /** - * Creates request. - */ - public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { - EnrollProfileContext ctx = (EnrollProfileContext) context; - - // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); - String cert_request = ctx.get(CTX_CERT_REQUEST); - String is_renewal = ctx.get(CTX_RENEWAL); - Integer renewal_seq_num = 0; - - /* cert_request_type can be null for the case of CMC */ - if (cert_request_type == null) { - CMS.debug("EnrollProfile: request type is null"); - } - - int num_requests = 1; // default to 1 request - - if (cert_request_type != null && cert_request_type.startsWith("pkcs10")) { - // catch for invalid request - parsePKCS10(locale, cert_request); - } - if (cert_request_type != null && cert_request_type.startsWith("crmf")) { - CertReqMsg msgs[] = parseCRMF(locale, cert_request); - - num_requests = msgs.length; - } - if (cert_request_type != null && cert_request_type.startsWith("cmc")) { - // catch for invalid request - TaggedRequest[] msgs = parseCMC(locale, cert_request); - if (msgs == null) - return null; - else - num_requests = msgs.length; - } - - // only 1 request for renewal - if ((is_renewal != null) && (is_renewal.equals("true"))) { - num_requests = 1; - String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM); - if (renewal_seq_num_str != null) { - renewal_seq_num = Integer.parseInt(renewal_seq_num_str); - } else { - renewal_seq_num = 0; - } - } - - // populate requests with appropriate content - IRequest result[] = new IRequest[num_requests]; - - for (int i = 0; i < num_requests; i++) { - result[i] = createEnrollmentRequest(); - if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); - } else { - result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); - } - if (locale != null) { - result[i].setExtData(REQUEST_LOCALE, locale.getLanguage()); - } - } - return result; - } - - public abstract X500Name getIssuerName(); - - public void setDefaultCertInfo(IRequest req) throws EProfileException { - // create an empty certificate template so that - // default plugins that store stuff - X509CertInfo info = new X509CertInfo(); - - // retrieve issuer name - X500Name issuerName = getIssuerName(); - - byte[] dummykey = new byte[] { - 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, - 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, - -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, - 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24, - -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, - -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, - -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 }; - // default values into x509 certinfo. This thing is - // not serializable by default - try { - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, - new CertificateIssuerName(issuerName)); - info.set(X509CertInfo.KEY, - new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(issuerName)); - info.set(X509CertInfo.VALIDITY, - new CertificateValidity(new Date(), new Date())); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId("MD5withRSA"))); - - // add default extension container - info.set(X509CertInfo.EXTENSIONS, - new CertificateExtensions()); - } catch (Exception e) { - // throw exception - add key to template - CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); - throw new EProfileException(e.toString()); - } - req.setExtData(REQUEST_CERTINFO, info); - } - - public IRequest createEnrollmentRequest() - throws EProfileException { - IRequest req = null; - - try { - req = getRequestQueue().newRequest("enrollment"); - - setDefaultCertInfo(req); - - // put the certificate info into request - req.setExtData(REQUEST_EXTENSIONS, - new CertificateExtensions()); - - CMS.debug("EnrollProfile: createRequest " + - req.getRequestId().toString()); - } catch (EBaseException e) { - // raise exception - CMS.debug("EnrollProfile: create new enroll request " + - e.toString()); - } - - return req; - } - - public abstract void execute(IRequest request) - throws EProfileException; - - /** - * Perform simple policy set assignment. - */ - public String getPolicySetId(IRequest req) { - Integer seq = req.getExtDataInInteger(REQUEST_SEQ_NUM); - int seq_no = seq.intValue(); // start from 0 - - int count = 0; - Enumeration<String> setIds = getProfilePolicySetIds(); - - while (setIds.hasMoreElements()) { - String setId = (String) setIds.nextElement(); - - if (count == seq_no) { - return setId; - } - count++; - } - return null; - } - - public String getRequestorDN(IRequest request) { - X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); - - try { - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - - return sn.toString(); - } catch (Exception e) { - CMS.debug("EnrollProfile: getRequestDN " + e.toString()); - } - return null; - } - - /** - * This method is called after the user submits the - * request from the end-entity page. - */ - public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { - // Request Submission Logic: - // - // if (Authentication Failed) { - // return Error - // } else { - // if (No Auth Token) { - // queue request - // } else { - // process request - // } - // } - - IAuthority authority = (IAuthority) - getAuthority(); - IRequestQueue queue = authority.getRequestQueue(); - - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } - - if (token == null) { - CMS.debug("EnrollProfile: auth token is null"); - CMS.debug("EnrollProfile: validating request"); - validate(request); - try { - queue.updateRequest(request); - } catch (EBaseException e) { - CMS.debug("EnrollProfile: Update request (after validation) " + e.toString()); - } - - throw new EDeferException("defer request"); - } else { - // this profile executes request that is authenticated - // by non NoAuth - CMS.debug("EnrollProfile: auth token is not null"); - validate(request); - execute(request); - } - } - - public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { - /* cert request must not be null */ - if (certreq == null) { - CMS.debug("EnrollProfile: parseCMC() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - CMS.debug("EnrollProfile: Start parseCMC(): " + certreq); - - TaggedRequest msgs[] = null; - - String creq = normalizeCertReq(certreq); - try { - byte data[] = CMS.AtoB(creq); - ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(data); - - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = - (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); - OCTET_STRING content = ci.getContent(); - - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); - PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); - - mCMCData = pkiData; - //PKIData pkiData = (PKIData) - // (new PKIData.Template()).decode(cmcBlobIn); - SEQUENCE controlSeq = pkiData.getControlSequence(); - int numcontrols = controlSeq.size(); - SEQUENCE reqSeq = pkiData.getReqSequence(); - byte randomSeed[] = null; - SessionContext context = SessionContext.getContext(); - if (!context.containsKey("numOfControls")) { - if (numcontrols > 0) { - context.put("numOfControls", Integer.valueOf(numcontrols)); - TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i = 0; i < numcontrols; i++) { - attributes[i] = (TaggedAttribute) controlSeq.elementAt(i); - OBJECT_IDENTIFIER oid = attributes[i].getType(); - if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); - if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); - context.put("identityProof", bpids); - return null; - } - } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { - SET vals = attributes[i].getValues(); - OCTET_STRING ostr = - (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - randomSeed = ostr.toByteArray(); - } else { - context.put(attributes[i].getType(), attributes[i]); - } - } - } - } - - SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); - int numOtherMsgs = otherMsgSeq.size(); - if (!context.containsKey("numOfOtherMsgs")) { - context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i = 0; i < numOtherMsgs; i++) { - OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg" + i, omsg); - } - } - - int nummsgs = reqSeq.size(); - if (nummsgs > 0) { - msgs = new TaggedRequest[reqSeq.size()]; - SEQUENCE bpids = new SEQUENCE(); - boolean valid = true; - for (int i = 0; i < nummsgs; i++) { - msgs[i] = (TaggedRequest) reqSeq.elementAt(i); - if (!context.containsKey("POPLinkWitness")) { - if (randomSeed != null) { - valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); - if (!valid || bpids.size() > 0) { - context.put("POPLinkWitness", bpids); - return null; - } - } - } - } - } else - return null; - - return msgs; - } catch (Exception e) { - CMS.debug("EnrollProfile: parseCMC " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { - ISharedToken tokenClass = null; - boolean sharedSecretFound = true; - String name = null; - try { - name = CMS.getConfigStore().getString("cmc.sharedSecret.class"); - } catch (EPropertyNotFound e) { - CMS.debug("EnrollProfile: Failed to find the token class in the configuration file."); - sharedSecretFound = false; - } catch (EBaseException e) { - CMS.debug("EnrollProfile: Failed to find the token class in the configuration file."); - sharedSecretFound = false; - } - - try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); - } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); - sharedSecretFound = false; - } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); - sharedSecretFound = false; - } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); - sharedSecretFound = false; - } - - INTEGER reqId = null; - byte[] bv = null; - String sharedSecret = null; - if (tokenClass != null) - sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { - TaggedCertificationRequest tcr = req.getTcr(); - if (!sharedSecretFound) { - bpids.addElement(tcr.getBodyPartID()); - return false; - } else { - CertificationRequest creq = tcr.getCertificationRequest(); - CertificationRequestInfo cinfo = creq.getInfo(); - SET attrs = cinfo.getAttributes(); - for (int j = 0; j < attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); - if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { - SET witnessVal = pkcs10Attr.getValues(); - if (witnessVal.size() > 0) { - try { - OCTET_STRING str = - (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal.elementAt(0)))); - bv = str.toByteArray(); - return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); - } catch (InvalidBERException ex) { - return false; - } - } - } - } - - return false; - } - } else if (req.getType().equals(TaggedRequest.CRMF)) { - CertReqMsg crm = req.getCrm(); - CertRequest certReq = crm.getCertReq(); - reqId = certReq.getCertReqId(); - if (!sharedSecretFound) { - bpids.addElement(reqId); - return false; - } else { - for (int i = 0; i < certReq.numControls(); i++) { - AVA ava = certReq.controlAt(i); - - if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { - ASN1Value value = ava.getValue(); - ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); - OCTET_STRING ostr = null; - try { - ostr = (OCTET_STRING) - (new OCTET_STRING.Template()).decode(bis); - bv = ostr.toByteArray(); - } catch (Exception e) { - bpids.addElement(reqId); - return false; - } - - boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); - if (!valid) { - bpids.addElement(reqId); - return valid; - } - } - } - } - } - - return true; - } - - private boolean verifyDigest(byte[] sharedSecret, byte[] text, byte[] bv) { - byte[] key = null; - try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); - key = SHA1Digest.digest(sharedSecret); - } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); - return false; - } - - byte[] finalDigest = null; - try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); - HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key); - hmacDigest.update(text); - finalDigest = hmacDigest.digest(); - } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); - return false; - } - - if (finalDigest.length != bv.length) { - CMS.debug("EnrollProfile: The length of two HMAC digest are not the same."); - return false; - } - - for (int j = 0; j < bv.length; j++) { - if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); - return false; - } - } - - CMS.debug("EnrollProfile: The content of two HMAC digest are the same."); - return true; - } - - private SEQUENCE getRequestBpids(SEQUENCE reqSeq) { - SEQUENCE bpids = new SEQUENCE(); - for (int i = 0; i < reqSeq.size(); i++) { - TaggedRequest req = (TaggedRequest) reqSeq.elementAt(i); - if (req.getType().equals(TaggedRequest.PKCS10)) { - TaggedCertificationRequest tcr = req.getTcr(); - bpids.addElement(tcr.getBodyPartID()); - } else if (req.getType().equals(TaggedRequest.CRMF)) { - CertReqMsg crm = req.getCrm(); - CertRequest request = crm.getCertReq(); - bpids.addElement(request.getCertReqId()); - } - } - - return bpids; - } - - private boolean verifyIdentityProof(TaggedAttribute attr, SEQUENCE reqSeq) { - SET vals = attr.getValues(); - if (vals.size() < 1) - return false; - String name = null; - try { - name = CMS.getConfigStore().getString("cmc.sharedSecret.class"); - } catch (EPropertyNotFound e) { - } catch (EBaseException e) { - } - - if (name == null) - return false; - else { - ISharedToken tokenClass = null; - try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); - } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); - return false; - } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); - return false; - } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); - return false; - } - - String token = tokenClass.getSharedToken(mCMCData); - OCTET_STRING ostr = null; - try { - ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - } catch (InvalidBERException e) { - CMS.debug("EnrollProfile: Failed to decode the byte value."); - return false; - } - byte[] b = ostr.toByteArray(); - byte[] text = ASN1Util.encode(reqSeq); - - return verifyDigest(token.getBytes(), text, b); - } - } - - public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, - IRequest req) - throws EProfileException { - TaggedRequest.Type type = tagreq.getType(); - - if (type.equals(TaggedRequest.PKCS10)) { - try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - - p10.encode(ostream); - PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - - req.setExtData("bodyPartId", tcr.getBodyPartID()); - fillPKCS10(locale, pkcs10, info, req); - } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + - e.toString()); - } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); - SessionContext context = SessionContext.getContext(); - Integer nums = (Integer) (context.get("numOfControls")); - - // check if the LRA POP Witness Control attribute exists - if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = - (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); - if (attr != null) { - parseLRAPopWitness(locale, crm, attr); - } else { - CMS.debug("EnrollProfile: verify POP in CMC because LRA POP Witness control attribute doesnt exist in the CMC request."); - verifyPOP(locale, crm); - } - } else { - CMS.debug("EnrollProfile: verify POP in CMC because LRA POP Witness control attribute doesnt exist in the CMC request."); - verifyPOP(locale, crm); - } - - fillCertReqMsg(locale, crm, info, req); - } else { - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { - SET vals = attr.getValues(); - boolean donePOP = false; - INTEGER reqId = null; - if (vals.size() > 0) { - LraPopWitness lraPop = null; - try { - lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - } catch (InvalidBERException e) { - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); - } - - SEQUENCE bodyIds = lraPop.getBodyIds(); - reqId = crm.getCertReq().getCertReqId(); - - for (int i = 0; i < bodyIds.size(); i++) { - INTEGER num = (INTEGER) (bodyIds.elementAt(i)); - if (num.toString().equals(reqId.toString())) { - donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: " - + reqId.toString() + " because LRA POP Witness control is found."); - break; - } - } - } - - if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: " - + reqId.toString() - + " because this request id is not part of the body list in LRA Pop witness control."); - verifyPOP(locale, crm); - } - } - - public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { - - /* cert request must not be null */ - if (certreq == null) { - CMS.debug("EnrollProfile: parseCRMF() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq); - - CertReqMsg msgs[] = null; - String creq = normalizeCertReq(certreq); - try { - byte data[] = CMS.AtoB(creq); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(data); - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new - CertReqMsg.Template()).decode(crmfBlobIn); - int nummsgs = crmfMsgs.size(); - - if (nummsgs <= 0) - return null; - msgs = new CertReqMsg[crmfMsgs.size()]; - for (int i = 0; i < nummsgs; i++) { - msgs[i] = (CertReqMsg) crmfMsgs.elementAt(i); - } - return msgs; - } catch (Exception e) { - CMS.debug("EnrollProfile: parseCRMF " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = - new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 } - ); - - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); - ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); - PKIArchiveOptions archOpts = null; - - try { - archOpts = (PKIArchiveOptions) - (new PKIArchiveOptions.Template()).decode(bis); - } catch (Exception e) { - CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); - } - return archOpts; - } - - public PKIArchiveOptions toPKIArchiveOptions(byte options[]) { - ByteArrayInputStream bis = new ByteArrayInputStream(options); - PKIArchiveOptions archOpts = null; - - try { - archOpts = (PKIArchiveOptions) - (new PKIArchiveOptions.Template()).decode(bis); - } catch (Exception e) { - CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); - } - return archOpts; - } - - public byte[] toByteArray(PKIArchiveOptions options) { - return ASN1Util.encode(options); - } - - public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, - IRequest req) - throws EProfileException { - try { - CMS.debug("Start parseCertReqMsg "); - CertRequest certReq = certReqMsg.getCertReq(); - req.setExtData("bodyPartId", certReq.getCertReqId()); - // handle PKIArchiveOption (key archival) - for (int i = 0; i < certReq.numControls(); i++) { - AVA ava = certReq.controlAt(i); - - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { - PKIArchiveOptions opt = getPKIArchiveOptions(ava); - - //req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, - toByteArray(opt)); - } - } - - CertTemplate certTemplate = certReq.getCertTemplate(); - - // parse key - SubjectPublicKeyInfo spki = certTemplate.getPublicKey(); - ByteArrayOutputStream keyout = new ByteArrayOutputStream(); - - spki.encode(keyout); - byte[] keybytes = keyout.toByteArray(); - X509Key key = new X509Key(); - - key.decode(keybytes); - - // XXX - kmccarth - this may simply undo the decoding above - // but for now it's unclear whether X509Key - // changest the format when decoding. - CertificateX509Key certKey = new CertificateX509Key(key); - ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); - certKey.encode(certKeyOut); - req.setExtData(REQUEST_KEY, certKeyOut.toByteArray()); - - // parse validity - if (certTemplate.getNotBefore() != null || - certTemplate.getNotAfter() != null) { - CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); - CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); - CMS.debug("EnrollProfile: current CA time: " + new Date()); - CertificateValidity certValidity = new CertificateValidity( - certTemplate.getNotBefore(), certTemplate.getNotAfter()); - ByteArrayOutputStream certValidityOut = - new ByteArrayOutputStream(); - certValidity.encode(certValidityOut); - req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray()); - } else { - CMS.debug("EnrollProfile: validity not supplied"); - } - - // parse subject - if (certTemplate.hasSubject()) { - Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); - - subjectdn.encode(subjectEncStream); - byte[] subjectEnc = subjectEncStream.toByteArray(); - X500Name subject = new X500Name(subjectEnc); - - //info.set(X509CertInfo.SUBJECT, - // new CertificateSubjectName(subject)); - - req.setExtData(REQUEST_SUBJECT_NAME, - new CertificateSubjectName(subject)); - try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); - } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); - } - try { - String subjectUID = subject.getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); - } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); - } - } - - // parse extensions - CertificateExtensions extensions = null; - - // try { - extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS); - // } catch (CertificateException e) { - // extensions = null; - // } catch (IOException e) { - // extensions = null; - // } - if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with - // CertificateExtensions.parseExtension() method. - if (extensions == null) - extensions = new CertificateExtensions(); - int numexts = certTemplate.numExtensions(); - - for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); - boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); - long[] numbers = jssoid.getNumbers(); - int[] oidNumbers = new int[numbers.length]; - - for (int k = numbers.length - 1; k >= 0; k--) { - oidNumbers[k] = (int) numbers[k]; - } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); - - jssvalue.encode(jssvalueout); - byte[] extValue = jssvalueout.toByteArray(); - - Extension ext = - new Extension(oid, isCritical, extValue); - - extensions.parseExtension(ext); - } - // info.set(X509CertInfo.EXTENSIONS, extensions); - req.setExtData(REQUEST_EXTENSIONS, extensions); - - } - } catch (IOException e) { - CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } catch (InvalidKeyException e) { - CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - // throw new EProfileException(e.toString()); - } - } - - public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { - /* cert request must not be null */ - if (certreq == null) { - CMS.debug("EnrollProfile:parsePKCS10() certreq null"); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - CMS.debug("Start parsePKCS10(): " + certreq); - - // trim header and footer - String creq = normalizeCertReq(certreq); - - // parse certificate into object - byte data[] = CMS.AtoB(creq); - PKCS10 pkcs10 = null; - CryptoManager cm = null; - CryptoToken savedToken = null; - boolean sigver = true; - - try { - cm = CryptoManager.getInstance(); - sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true); - if (sigver) { - CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled"); - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); - savedToken = cm.getThreadToken(); - CryptoToken signToken = null; - if (tokenName.equals("internal")) { - CMS.debug("EnrollProfile: parsePKCS10: use internal token"); - signToken = cm.getInternalCryptoToken(); - } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName); - signToken = cm.getTokenByName(tokenName); - } - CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); - cm.setThreadToken(signToken); - pkcs10 = new PKCS10(data); - } else { - CMS.debug("EnrollProfile: parsePKCS10: signature verification disabled"); - pkcs10 = new PKCS10(data, sigver); - } - } catch (Exception e) { - CMS.debug("EnrollProfile: parsePKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } finally { - if (sigver) { - CMS.debug("EnrollProfile: parsePKCS10 restoring thread token"); - cm.setThreadToken(savedToken); - } - } - - return pkcs10; - } - - public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) - throws EProfileException { - X509Key key = pkcs10.getSubjectPublicKeyInfo(); - - try { - CertificateX509Key certKey = new CertificateX509Key(key); - ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); - certKey.encode(certKeyOut); - req.setExtData(IEnrollProfile.REQUEST_KEY, certKeyOut.toByteArray()); - - req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, - new CertificateSubjectName(pkcs10.getSubjectName())); - try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); - } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); - } - try { - String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); - } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); - } - - info.set(X509CertInfo.KEY, certKey); - - PKCS10Attributes p10Attrs = pkcs10.getAttributes(); - if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); - if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - CMS.debug("Found PKCS10 extension"); - Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); - DerOutputStream extOut = new DerOutputStream(); - - exts0.encode(extOut); - byte[] extB = extOut.toByteArray(); - DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions(extIn); - if (exts != null) { - CMS.debug("Set extensions " + exts); - // info.set(X509CertInfo.EXTENSIONS, exts); - req.setExtData(REQUEST_EXTENSIONS, exts); - } - } else { - CMS.debug("PKCS10 extension Not Found"); - } - } - - CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); - } catch (IOException e) { - CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } catch (CertificateException e) { - CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) - throws EProfileException { - - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) - throws EProfileException { - - try { - //cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); - - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { - byte data[] = CMS.AtoB(certreq); - - DerInputStream derIn = new DerInputStream(data); - - return derIn; - } - - public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req - ) - throws EProfileException { - try { - - /* get SPKAC Algorithm & Signature */ - DerValue derSPKACContent[] = derIn.getSequence(3); - @SuppressWarnings("unused") - AlgorithmId mAlgId = AlgorithmId.parse(derSPKACContent[1]); - @SuppressWarnings("unused") - byte mSignature[] = derSPKACContent[2].getBitString(); - - /* get PKAC SPKI & Challenge */ - byte mPKAC[] = derSPKACContent[0].toByteArray(); - - derIn = new DerInputStream(mPKAC); - DerValue derPKACContent[] = derIn.getSequence(2); - - @SuppressWarnings("unused") - DerValue mDerSPKI = derPKACContent[0]; - X509Key mSPKI = X509Key.parse(derPKACContent[0]); - - @SuppressWarnings("unused") - String mChallenge; - DerValue mDerChallenge = derPKACContent[1]; - - if (mDerChallenge.length() != 0) - mChallenge = derPKACContent[1].getIA5String(); - - CertificateX509Key certKey = new CertificateX509Key(mSPKI); - ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); - certKey.encode(certKeyOut); - req.setExtData(IEnrollProfile.REQUEST_KEY, certKeyOut.toByteArray()); - info.set(X509CertInfo.KEY, certKey); - } catch (IOException e) { - CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } catch (CertificateException e) { - CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException( - CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); - } - } - - public String normalizeCertReq(String s) { - if (s == null) { - return s; - } - s = s.replaceAll("-----BEGIN CERTIFICATE REQUEST-----", ""); - s = s.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", ""); - s = s.replaceAll("-----END CERTIFICATE REQUEST-----", ""); - s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", ""); - - StringBuffer sb = new StringBuffer(); - StringTokenizer st = new StringTokenizer(s, "\r\n "); - - while (st.hasMoreTokens()) { - String nextLine = st.nextToken(); - - nextLine = nextLine.trim(); - if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----")) - continue; - if (nextLine.equals("-----BEGIN NEW CERTIFICATE REQUEST-----")) - continue; - if (nextLine.equals("-----END CERTIFICATE REQUEST-----")) - continue; - if (nextLine.equals("-----END NEW CERTIFICATE REQUEST-----")) - continue; - sb.append(nextLine); - } - return sb.toString(); - } - - public Locale getLocale(IRequest request) { - Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); - if (language != null) { - locale = new Locale(language); - } - return locale; - } - - /** - * Populate input - * <P> - * - * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT - * made through a connector) - * <P> - * - * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before - * approval process) - * </ul> - * - * @param ctx profile context - * @param request the certificate request - * @exception EProfileException an error related to this profile has - * occurred - */ - public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { - super.populateInput(ctx, request); - } - - public void populate(IRequest request) - throws EProfileException { - super.populate(request); - - } - - /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. - */ - public void validate(IRequest request) - throws ERejectException { - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID(request); - String auditProfileID = auditProfileID(); - String auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - String subject = null; - - // try { - X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); - - try { - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - - // if the cert subject name is NOT MISSING, retrieve the - // actual "auditCertificateSubjectName" and "normalize" it - if (sn != null) { - subject = sn.toString(); - if (subject != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! - auditCertificateSubjectName = subject.trim(); - } - } - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); - - audit(auditMessage); - } catch (CertificateException e) { - CMS.debug("EnrollProfile: populate " + e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); - - audit(auditMessage); - } catch (IOException e) { - CMS.debug("EnrollProfile: populate " + e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID, - auditCertificateSubjectName); - - audit(auditMessage); - } - - super.validate(request); - Object key = null; - - try { - key = info.get(X509CertInfo.KEY); - } catch (CertificateException e) { - } catch (IOException e) { - } - - if (key == null) { - Locale locale = getLocale(request); - - throw new ERejectException(CMS.getUserMessage( - locale, "CMS_PROFILE_EMPTY_KEY")); - } - - try { - CMS.debug("EnrollProfile certInfo : " + info); - } catch (NullPointerException e) { - // do nothing - } - } - - /** - * Signed Audit Log Requester ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "RequesterID" for - * a signed audit log message. - * <P> - * - * @param request the actual request - * @return id string containing the signed audit log message RequesterID - */ - protected String auditRequesterID(IRequest request) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - String requesterID = ILogger.UNIDENTIFIED; - - if (request != null) { - // overwrite "requesterID" if and only if "id" != null - String id = request.getRequestId().toString(); - - if (id != null) { - requesterID = id.trim(); - } - } - - return requesterID; - } - - /** - * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. - * <P> - * - * @return id string containing the signed audit log message ProfileID - */ - protected String auditProfileID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - String profileID = getId(); - - if (profileID != null) { - profileID = profileID.trim(); - } else { - profileID = ILogger.UNIDENTIFIED; - } - - return profileID; - } - - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollProfile ::in verifyPOP"); - - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - - if (!certReqMsg.hasPop()) { - return; - } - ProofOfPossession pop = certReqMsg.getPop(); - ProofOfPossession.Type popType = pop.getType(); - - if (popType != ProofOfPossession.SIGNATURE) { - return; - } - - try { - CryptoManager cm = CryptoManager.getInstance(); - CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); - if (tokenName.equals("internal")) { - CMS.debug("POP verification using internal token"); - certReqMsg.verify(); - } else { - CMS.debug("POP verification using token:" + tokenName); - verifyToken = cm.getTokenByName(tokenName); - certReqMsg.verify(verifyToken); - } - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS); - audit(auditMessage); - } catch (Exception e) { - - CMS.debug("Failed POP verify! " + e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE); - - audit(auditMessage); - - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java deleted file mode 100644 index 3610520fd..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ /dev/null @@ -1,31 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import com.netscape.certsrv.profile.IProfileContext; - -/** - * This class implements an enrollment profile context - * that carries information for request creation. - * - * @version $Revision$, $Date$ - */ -public class EnrollProfileContext extends ProfileContext - implements IProfileContext { - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java deleted file mode 100644 index 7d0686378..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ /dev/null @@ -1,39 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import java.util.Hashtable; - -import com.netscape.certsrv.profile.IProfileContext; - -/** - * This class implements the profile context. - * - * @version $Revision$, $Date$ - */ -public class ProfileContext implements IProfileContext { - private Hashtable<String, String> m_Attrs = new Hashtable<String, String>(); - - public void set(String name, String value) { - m_Attrs.put(name, value); - } - - public String get(String name) { - return m_Attrs.get(name); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java deleted file mode 100644 index a8a90aef9..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ /dev/null @@ -1,53 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfilePolicy; - -/** - * This class implements a profile policy that - * contains a default policy and a constraint - * policy. - * - * @version $Revision$, $Date$ - */ -public class ProfilePolicy implements IProfilePolicy { - private String mId = null; - private IPolicyDefault mDefault = null; - private IPolicyConstraint mConstraint = null; - - public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) { - mId = id; - mDefault = def; - mConstraint = constraint; - } - - public String getId() { - return mId; - } - - public IPolicyDefault getDefault() { - return mDefault; - } - - public IPolicyConstraint getConstraint() { - return mConstraint; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java deleted file mode 100644 index 36bac1fa7..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ /dev/null @@ -1,128 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import java.util.Enumeration; - -import netscape.security.x509.X500Name; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.connector.IConnector; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.ra.IRAService; -import com.netscape.certsrv.ra.IRegistrationAuthority; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestListener; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.RequestStatus; - -/** - * This class implements a Registration Manager - * enrollment profile. - * - * @version $Revision$, $Date$ - */ -public class RAEnrollProfile extends EnrollProfile { - - public RAEnrollProfile() { - super(); - } - - public IAuthority getAuthority() { - IAuthority authority = (IAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); - - if (authority == null) - return null; - return authority; - } - - public X500Name getIssuerName() { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); - X500Name issuerName = ra.getX500Name(); - - return issuerName; - } - - public void execute(IRequest request) - throws EProfileException { - - if (!isEnable()) { - CMS.debug("CAEnrollProfile: Profile Not Enabled"); - throw new EProfileException("Profile Not Enabled"); - } - - IRegistrationAuthority ra = - (IRegistrationAuthority) getAuthority(); - IRAService raService = (IRAService) ra.getRAService(); - - if (raService == null) { - throw new EProfileException("No RA Service"); - } - - IRequestQueue queue = ra.getRequestQueue(); - - // send request to CA - try { - IConnector caConnector = raService.getCAConnector(); - - if (caConnector == null) { - CMS.debug("RAEnrollProfile: CA connector not configured"); - } else { - caConnector.send(request); - // check response - if (!request.isSuccess()) { - CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); - - request.setRequestStatus(RequestStatus.SVC_PENDING); - - try { - queue.updateRequest(request); - } catch (EBaseException e) { - CMS.debug("RAEnrollProfile: Update request " + e.toString()); - } - throw new ERejectException( - request.getError(getLocale(request))); - } - } - } catch (Exception e) { - CMS.debug("RAEnrollProfile: " + e.toString()); - throw new EProfileException(e.toString()); - } - - // request handling - Enumeration<String> names = ra.getRequestListenerNames(); - - if (names != null) { - while (names.hasMoreElements()) { - String name = names.nextElement(); - - CMS.debug("CAEnrollProfile: listener " + name); - IRequestListener listener = ra.getRequestListener(name); - - if (listener != null) { - listener.accept(request); - } - } - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java deleted file mode 100644 index 9be1e43c4..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ /dev/null @@ -1,100 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfileEx; -import com.netscape.certsrv.profile.IProfilePolicy; - -/** - * This class implements a Certificate Manager enrollment - * profile for Server Certificates. - * - * @version $Revision$, $Date$ - */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { - - /** - * Called after initialization. It populates default - * policies, inputs, and outputs. - */ - public void populate() throws EBaseException { - // create inputs - NameValuePairs inputParams1 = new NameValuePairs(); - createProfileInput("i1", "certReqInputImpl", inputParams1); - NameValuePairs inputParams2 = new NameValuePairs(); - createProfileInput("i2", "submitterInfoInputImpl", inputParams2); - - // create outputs - NameValuePairs outputParams1 = new NameValuePairs(); - createProfileOutput("o1", "certOutputImpl", outputParams1); - - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); - - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); - - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "true"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); - - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java deleted file mode 100644 index 3f1cdfb21..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ /dev/null @@ -1,100 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.common; - -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfileEx; -import com.netscape.certsrv.profile.IProfilePolicy; - -/** - * This class implements a Certificate Manager enrollment - * profile for User Certificates. - * - * @version $Revision$, $Date$ - */ -public class UserCertCAEnrollProfile extends CAEnrollProfile - implements IProfileEx { - - /** - * Called after initialization. It populates default - * policies, inputs, and outputs. - */ - public void populate() throws EBaseException { - // create inputs - NameValuePairs inputParams1 = new NameValuePairs(); - createProfileInput("i1", "keyGenInputImpl", inputParams1); - NameValuePairs inputParams2 = new NameValuePairs(); - createProfileInput("i2", "subjectNameInputImpl", inputParams2); - createProfileInput("i3", "submitterInfoInputImpl", inputParams2); - - // create outputs - NameValuePairs outputParams1 = new NameValuePairs(); - createProfileOutput("o1", "certOutputImpl", outputParams1); - - // create policies - createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - - IProfilePolicy policy2 = - createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); - - IProfilePolicy policy3 = - createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); - - IProfilePolicy policy4 = - createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - - IProfilePolicy policy5 = - createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java deleted file mode 100644 index f924c587f..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java +++ /dev/null @@ -1,224 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.BasicConstraintsExtDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserExtensionDefault; - -/** - * This class implements the basic constraints extension constraint. - * It checks if the basic constraint in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class BasicConstraintsExtConstraint extends EnrollConstraint { - - public static final String CONFIG_CRITICAL = - "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = - "basicConstraintsIsCA"; - public static final String CONFIG_MIN_PATH_LEN = - "basicConstraintsMinPathLen"; - public static final String CONFIG_MAX_PATH_LEN = - "basicConstraintsMaxPathLen"; - - public BasicConstraintsExtConstraint() { - super(); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_IS_CA); - addConfigName(CONFIG_MIN_PATH_LEN); - addConfigName(CONFIG_MAX_PATH_LEN); - } - - /** - * Initializes this constraint plugin. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); - } else if (name.equals(CONFIG_MIN_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", - CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN")); - } else if (name.equals(CONFIG_MAX_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "100", - CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - - try { - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), - info); - - if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); - } - - // check criticality - String value = getConfig(CONFIG_CRITICAL); - - if (!isOptional(value)) { - boolean critical = getBoolean(value); - - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); - } - } - value = getConfig(CONFIG_IS_CA); - if (!isOptional(value)) { - boolean isCA = getBoolean(value); - Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - - if (isCA != extIsCA.booleanValue()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); - } - } - value = getConfig(CONFIG_MIN_PATH_LEN); - if (!isOptional(value)) { - int pathLen = getInt(value); - Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); - - if (pathLen > extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen); - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); - } - } - value = getConfig(CONFIG_MAX_PATH_LEN); - if (!isOptional(value)) { - int pathLen = getInt(value); - Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); - - if (pathLen < extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen); - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); - } - } - } catch (IOException e) { - CMS.debug("BasicConstraintsExt: validate " + e.toString()); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), - getConfig(CONFIG_MIN_PATH_LEN), - getConfig(CONFIG_MAX_PATH_LEN) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", - params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof BasicConstraintsExtDefault) - return true; - if (def instanceof UserExtensionDefault) - return true; - return false; - } - - public void setConfig(String name, String value) - throws EPropertyException { - - if (mConfig.getSubStore("params") == null) { - CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null"); - // - } else { - - CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value); - - if (name.equals(CONFIG_MAX_PATH_LEN)) { - - String minPathLen = getConfig(CONFIG_MIN_PATH_LEN); - - int minLen = getInt(minPathLen); - - int maxLen = getInt(value); - - if (minLen >= maxLen) { - CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!"); - - throw new EPropertyException("bad value"); - } - - } - mConfig.getSubStore("params").putString(name, value); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java deleted file mode 100644 index c0a9758da..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ /dev/null @@ -1,48 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.ca.ICertificateAuthority; - -/** - * This class represents an abstract class for CA enrollment - * constraint. - */ -public abstract class CAEnrollConstraint extends EnrollConstraint { - - /** - * Constructs a CA enrollment constraint. - */ - public CAEnrollConstraint() { - super(); - } - - /** - * Retrieves the CA certificate. - */ - public X509CertImpl getCACert() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - X509CertImpl caCert = ca.getCACert(); - - return caCert; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java deleted file mode 100644 index e118fa215..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ /dev/null @@ -1,139 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.io.IOException; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.CAValidityDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserValidityDefault; -import com.netscape.cms.profile.def.ValidityDefault; - -/** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template is within the CA's validity. - * - * @version $Revision$, $Date$ - */ -public class CAValidityConstraint extends CAEnrollConstraint { - - private Date mDefNotBefore = null; - private Date mDefNotAfter = null; - - public CAValidityConstraint() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - X509CertImpl caCert = getCACert(); - - mDefNotBefore = caCert.getNotBefore(); - mDefNotAfter = caCert.getNotAfter(); - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - CMS.debug("CAValidityConstraint: validate start"); - CertificateValidity v = null; - - try { - v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); - } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_VALIDITY_NOT_FOUND")); - } - Date notBefore = null; - - try { - notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE); - } catch (IOException e) { - CMS.debug("CAValidity: not before " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); - } - Date notAfter = null; - - try { - notAfter = (Date) v.get(CertificateValidity.NOT_AFTER); - } catch (IOException e) { - CMS.debug("CAValidity: not after " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); - } - - if (mDefNotBefore != null) { - CMS.debug("ValidtyConstraint: notBefore=" + notBefore + - " defNotBefore=" + mDefNotBefore); - if (notBefore.before(mDefNotBefore)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); - } - } - CMS.debug("ValidtyConstraint: notAfter=" + notAfter + - " defNotAfter=" + mDefNotAfter); - if (notAfter.after(mDefNotAfter)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); - } - - CMS.debug("CAValidtyConstraint: validate end"); - } - - public String getText(Locale locale) { - String params[] = { - mDefNotBefore.toString(), - mDefNotAfter.toString() - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", - params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UserValidityDefault) - return true; - if (def instanceof ValidityDefault) - return true; - if (def instanceof CAValidityDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java deleted file mode 100644 index 40c2153a8..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java +++ /dev/null @@ -1,214 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.Extension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the generic enrollment constraint. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollConstraint implements IPolicyConstraint { - public static final String CONFIG_NAME = "name"; - - protected IConfigStore mConfig = null; - protected Vector<String> mConfigNames = new Vector<String>(); - - public EnrollConstraint() { - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public void addConfigName(String name) { - mConfigNames.addElement(name); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - return null; - } - - public Locale getLocale(IRequest request) { - Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); - if (language != null) { - locale = new Locale(language); - } - return locale; - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (mConfig.getSubStore("params") == null) { - // - } else { - mConfig.getSubStore("params").putString(name, value); - } - } - - public String getConfig(String name) { - try { - if (mConfig == null) - return null; - if (mConfig.getSubStore("params") != null) { - String val = mConfig.getSubStore("params").getString(name); - - return val; - } - } catch (EBaseException e) { - CMS.debug(e.toString()); - } - return ""; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - /** - * Validates the request. The request is not modified - * during the validation. - * - * @param request enrollment request - * @param info certificate template - * @exception ERejectException request is rejected due - * to violation of constraint - */ - public abstract void validate(IRequest request, X509CertInfo info) - throws ERejectException; - - /** - * Validates the request. The request is not modified - * during the validation. - * - * The current implementation of this method calls - * into the subclass's validate(request, info) - * method for validation checking. - * - * @param request request - * @exception ERejectException request is rejected due - * to violation of constraint - */ - public void validate(IRequest request) - throws ERejectException { - String name = getClass().getName(); - - name = name.substring(name.lastIndexOf('.') + 1); - CMS.debug(name + ": validate start"); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - validate(request, info); - - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - CMS.debug(name + ": validate end"); - } - - public String getText(Locale locale) { - return "Enroll Constraint"; - } - - public String getName(Locale locale) { - try { - return mConfig.getString(CONFIG_NAME); - } catch (EBaseException e) { - return null; - } - } - - protected Extension getExtension(String name, X509CertInfo info) { - CertificateExtensions exts = null; - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - } catch (Exception e) { - CMS.debug("EnrollConstraint: getExtension " + e.toString()); - } - if (exts == null) - return null; - Enumeration<Extension> e = exts.getAttributes(); - - while (e.hasMoreElements()) { - Extension ext = e.nextElement(); - - if (ext.getExtensionId().toString().equals(name)) { - return ext; - } - } - return null; - } - - protected boolean isOptional(String value) { - if (value.equals("") || value.equals("-")) - return true; - else - return false; - } - - protected boolean getBoolean(String value) { - return Boolean.valueOf(value).booleanValue(); - } - - protected int getInt(String value) { - return Integer.valueOf(value).intValue(); - } - - protected boolean getConfigBoolean(String value) { - return getBoolean(getConfig(value)); - } - - protected int getConfigInt(String value) { - return getInt(getConfig(value)); - } - - public boolean isApplicable(IPolicyDefault def) { - return true; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java deleted file mode 100644 index 3c737e8a5..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java +++ /dev/null @@ -1,156 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.extensions.ExtendedKeyUsageExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserExtensionDefault; - -/** - * This class implements the extended key usage extension constraint. - * It checks if the extended key usage extension in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { - - public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; - public static final String CONFIG_OIDS = - "exKeyUsageOIDs"; - - public ExtendedKeyUsageExtConstraint() { - super(); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_OIDS); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - ExtendedKeyUsageExtension.OID)); - } - - // check criticality - String value = getConfig(CONFIG_CRITICAL); - - if (!isOptional(value)) { - boolean critical = getBoolean(value); - - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); - } - } - - // Build local cache of configured OIDs - Vector<String> mCache = new Vector<String>(); - StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ","); - - while (st.hasMoreTokens()) { - String oid = st.nextToken(); - - mCache.addElement(oid); - } - - // check OIDs - Enumeration<ObjectIdentifier> e = ext.getOIDs(); - - while (e.hasMoreElements()) { - ObjectIdentifier oid = e.nextElement(); - - if (!mCache.contains(oid.toString())) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OID_NOT_MATCHED", - oid.toString())); - } - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OIDS) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", - params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof ExtendedKeyUsageExtDefault) - return true; - if (def instanceof UserExtensionDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java deleted file mode 100644 index 1562fddb8..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java +++ /dev/null @@ -1,146 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Locale; - -import netscape.security.x509.Extension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.EnrollExtDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserExtensionDefault; - -/** - * This class implements the general extension constraint. - * It checks if the extension in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class ExtensionConstraint extends EnrollConstraint { - - public static final String CONFIG_CRITICAL = "extCritical"; - public static final String CONFIG_OID = "extOID"; - - public ExtensionConstraint() { - super(); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_OID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - - if (mConfig.getSubStore("params") == null) { - CMS.debug("ExtensionConstraint: mConfig.getSubStore is null"); - } else { - CMS.debug("ExtensionConstraint: setConfig name=" + name + - " value=" + value); - - if (name.equals(CONFIG_OID)) { - try { - CMS.checkOID("", value); - } catch (Exception e) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); - } - } - mConfig.getSubStore("params").putString(name, value); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - - Extension ext = getExtension(getConfig(CONFIG_OID), info); - - if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - getConfig(CONFIG_OID))); - } - - // check criticality - String value = getConfig(CONFIG_CRITICAL); - - if (!isOptional(value)) { - boolean critical = getBoolean(value); - - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); - } - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OID) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UserExtensionDefault) - return true; - if (def instanceof EnrollExtDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java deleted file mode 100644 index e6f5019a0..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ /dev/null @@ -1,644 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.util.HashMap; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.provider.DSAPublicKey; -import netscape.security.provider.RSAPublicKey; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserKeyDefault; - -/** - * This constraint is to check the key type and - * key length. - * - * @version $Revision$, $Date$ - */ -@SuppressWarnings("serial") -public class KeyConstraint extends EnrollConstraint { - - public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) - public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - - private static final String[] ecCurves = { - "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", - "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", - "sect283k1", "nistk283", - "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", - "sect571r1", "nistb571", - "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", - "nistp224", "secp256k1", - "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", - "prime239v2", "prime239v3", "c2pnb163v1", - "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", - "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", - "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", - "secp128r1", "secp128r2", "sect113r1", "sect113r2", - "sect131r1", "sect131r2" - }; - - private final static HashMap<String, Vector<String>> ecOIDs = new HashMap<String, Vector<String>>(); - static { - ecOIDs.put("1.2.840.10045.3.1.7", new Vector<String>() { - { - add("nistp256"); - add("secp256r1"); - } - }); - ecOIDs.put("1.3.132.0.34", new Vector<String>() { - { - add("nistp384"); - add("secp384r1"); - } - }); - ecOIDs.put("1.3.132.0.35", new Vector<String>() { - { - add("nistp521"); - add("secp521r1"); - } - }); - ecOIDs.put("1.3.132.0.1", new Vector<String>() { - { - add("sect163k1"); - add("nistk163"); - } - }); - ecOIDs.put("1.3.132.0.2", new Vector<String>() { - { - add("sect163r1"); - } - }); - ecOIDs.put("1.3.132.0.15", new Vector<String>() { - { - add("sect163r2"); - add("nistb163"); - } - }); - ecOIDs.put("1.3.132.0.24", new Vector<String>() { - { - add("sect193r1"); - } - }); - ecOIDs.put("1.3.132.0.25", new Vector<String>() { - { - add("sect193r2"); - } - }); - ecOIDs.put("1.3.132.0.26", new Vector<String>() { - { - add("sect233k1"); - add("nistk233"); - } - }); - ecOIDs.put("1.3.132.0.27", new Vector<String>() { - { - add("sect233r1"); - add("nistb233"); - } - }); - ecOIDs.put("1.3.132.0.3", new Vector<String>() { - { - add("sect239k1"); - } - }); - ecOIDs.put("1.3.132.0.16", new Vector<String>() { - { - add("sect283k1"); - add("nistk283"); - } - }); - ecOIDs.put("1.3.132.0.17", new Vector<String>() { - { - add("sect283r1"); - add("nistb283"); - } - }); - ecOIDs.put("1.3.132.0.36", new Vector<String>() { - { - add("sect409k1"); - add("nistk409"); - } - }); - ecOIDs.put("1.3.132.0.37", new Vector<String>() { - { - add("sect409r1"); - add("nistb409"); - } - }); - ecOIDs.put("1.3.132.0.38", new Vector<String>() { - { - add("sect571k1"); - add("nistk571"); - } - }); - ecOIDs.put("1.3.132.0.39", new Vector<String>() { - { - add("sect571r1"); - add("nistb571"); - } - }); - ecOIDs.put("1.3.132.0.9", new Vector<String>() { - { - add("secp160k1"); - } - }); - ecOIDs.put("1.3.132.0.8", new Vector<String>() { - { - add("secp160r1"); - } - }); - ecOIDs.put("1.3.132.0.30", new Vector<String>() { - { - add("secp160r2"); - } - }); - ecOIDs.put("1.3.132.0.31", new Vector<String>() { - { - add("secp192k1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.1", new Vector<String>() { - { - add("secp192r1"); - add("nistp192"); - add("prime192v1"); - } - }); - ecOIDs.put("1.3.132.0.32", new Vector<String>() { - { - add("secp224k1"); - } - }); - ecOIDs.put("1.3.132.0.33", new Vector<String>() { - { - add("secp224r1"); - add("nistp224"); - } - }); - ecOIDs.put("1.3.132.0.10", new Vector<String>() { - { - add("secp256k1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.2", new Vector<String>() { - { - add("prime192v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.3", new Vector<String>() { - { - add("prime192v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.4", new Vector<String>() { - { - add("prime239v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.5", new Vector<String>() { - { - add("prime239v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.6", new Vector<String>() { - { - add("prime239v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.1", new Vector<String>() { - { - add("c2pnb163v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.2", new Vector<String>() { - { - add("c2pnb163v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.3", new Vector<String>() { - { - add("c2pnb163v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.4", new Vector<String>() { - { - add("c2pnb176v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.5", new Vector<String>() { - { - add("c2tnb191v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.6", new Vector<String>() { - { - add("c2tnb191v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.7", new Vector<String>() { - { - add("c2tnb191v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.10", new Vector<String>() { - { - add("c2pnb208w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.11", new Vector<String>() { - { - add("c2tnb239v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.12", new Vector<String>() { - { - add("c2tnb239v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.13", new Vector<String>() { - { - add("c2tnb239v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.16", new Vector<String>() { - { - add("c2pnb272w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.17", new Vector<String>() { - { - add("c2pnb304w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.19", new Vector<String>() { - { - add("c2pnb368w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.20", new Vector<String>() { - { - add("c2tnb431r1"); - } - }); - ecOIDs.put("1.3.132.0.6", new Vector<String>() { - { - add("secp112r1"); - } - }); - ecOIDs.put("1.3.132.0.7", new Vector<String>() { - { - add("secp112r2"); - } - }); - ecOIDs.put("1.3.132.0.28", new Vector<String>() { - { - add("secp128r1"); - } - }); - ecOIDs.put("1.3.132.0.29", new Vector<String>() { - { - add("secp128r2"); - } - }); - ecOIDs.put("1.3.132.0.4", new Vector<String>() { - { - add("sect113r1"); - } - }); - ecOIDs.put("1.3.132.0.5", new Vector<String>() { - { - add("sect113r2"); - } - }); - ecOIDs.put("1.3.132.0.22", new Vector<String>() { - { - add("sect131r1"); - } - }); - ecOIDs.put("1.3.132.0.23", new Vector<String>() { - { - add("sect131r2"); - } - }); - } - - private static String[] cfgECCurves = null; - private static String keyType = ""; - private static String keyParams = ""; - - public KeyConstraint() { - super(); - addConfigName(CONFIG_KEY_TYPE); - addConfigName(CONFIG_KEY_PARAMETERS); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - String ecNames = ""; - try { - ecNames = CMS.getConfigStore().getString("keys.ecc.curve.list"); - } catch (Exception e) { - } - - CMS.debug("KeyConstraint.init ecNames: " + ecNames); - if (ecNames != null && ecNames.length() != 0) { - cfgECCurves = ecNames.split(","); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_KEY_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", - "RSA", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else if (name.equals(CONFIG_KEY_PARAMETERS)) { - return new Descriptor(IDescriptor.STRING, null, "", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS")); - } - - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); - - String alg = key.getAlgorithmId().getName().toUpperCase(); - String value = getConfig(CONFIG_KEY_TYPE); - String keyType = value; - - if (!isOptional(value)) { - if (!alg.equals(value)) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", - value)); - } - } - - int keySize = 0; - - if (alg.equals("RSA")) { - keySize = getRSAKeyLen(key); - } else if (alg.equals("DSA")) { - keySize = getDSAKeyLen(key); - } else if (alg.equals("EC")) { - //EC key case. - } else { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INVALID_KEY_TYPE", - alg)); - } - - value = getConfig(CONFIG_KEY_PARAMETERS); - - String[] keyParams = value.split(","); - - if (alg.equals("EC")) { - if (!alg.equals(keyType) && !isOptional(keyType)) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); - } - - AlgorithmId algid = key.getAlgorithmId(); - - CMS.debug("algId: " + algid); - - //Get raw string representation of alg parameters, will give - //us the curve OID. - - String params = null; - if (algid != null) { - params = algid.getParametersString(); - } - - if (params.startsWith("OID.")) { - params = params.substring(4); - } - - CMS.debug("EC key OID: " + params); - Vector<String> vect = ecOIDs.get(params); - - boolean curveFound = false; - - if (vect != null) { - CMS.debug("vect: " + vect.toString()); - - if (!isOptional(keyType)) { - //Check the curve parameters only if explicit ECC or not optional - for (int i = 0; i < keyParams.length; i++) { - String ecParam = keyParams[i]; - CMS.debug("keyParams[i]: " + i + " param: " + ecParam); - if (vect.contains(ecParam)) { - curveFound = true; - CMS.debug("KeyConstraint.validate: EC key constrainst passed."); - break; - } - } - } else { - curveFound = true; - } - } - - if (!curveFound) { - CMS.debug("KeyConstraint.validate: EC key constrainst failed."); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); - } - - } else { - if (!arrayContainsString(keyParams, Integer.toString(keySize))) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", - value)); - } - CMS.debug("KeyConstraint.validate: RSA key contraints passed."); - } - } catch (Exception e) { - if (e instanceof ERejectException) { - throw (ERejectException) e; - } - CMS.debug("KeyConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_KEY_NOT_FOUND")); - } - } - - public int getRSAKeyLen(X509Key key) throws Exception { - X509Key newkey = null; - - try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); - } catch (Exception e) { - CMS.debug("KeyConstraint: getRSAKey Len " + e.toString()); - return -1; - } - RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); - - return rsaKey.getKeySize(); - } - - public int getDSAKeyLen(X509Key key) throws Exception { - // Check DSAKey parameters. - // size refers to the p parameter. - DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded()); - DSAParams keyParams = dsaKey.getParams(); - BigInteger p = keyParams.getP(); - int len = p.bitLength(); - - return len; - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_KEY_TYPE), - getConfig(CONFIG_KEY_PARAMETERS) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UserKeyDefault) - return true; - return false; - } - - public void setConfig(String name, String value) - throws EPropertyException { - - CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value); - //establish keyType, we don't know which order these params will arrive - if (name.equals(CONFIG_KEY_TYPE)) { - keyType = value; - if (keyParams.equals("")) - return; - } - - //establish keyParams - if (name.equals(CONFIG_KEY_PARAMETERS)) { - CMS.debug("establish keyParams: " + value); - keyParams = value; - - if (keyType.equals("")) - return; - } - // All the params we need for validation have been collected, - // we don't know which order they will show up - if (keyType.length() > 0 && keyParams.length() > 0) { - String[] params = keyParams.split(","); - boolean isECCurve = false; - int keySize = 0; - - for (int i = 0; i < params.length; i++) { - if (keyType.equals("EC")) { - if (cfgECCurves == null) { - //Use the static array as a backup if the config values are not present. - isECCurve = arrayContainsString(ecCurves, params[i]); - } else { - isECCurve = arrayContainsString(cfgECCurves, params[i]); - } - if (isECCurve == false) { //Not a valid EC curve throw exception. - keyType = ""; - keyParams = ""; - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); - } - } else { - try { - keySize = Integer.parseInt(params[i]); - } catch (Exception e) { - keySize = 0; - } - if (keySize <= 0) { - keyType = ""; - keyParams = ""; - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); - } - } - } - } - //Actually set the configuration in the profile - super.setConfig(CONFIG_KEY_TYPE, keyType); - super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); - - //Reset the vars for next round. - keyType = ""; - keyParams = ""; - } - - private boolean arrayContainsString(String[] array, String value) { - - if (array == null || value == null) { - return false; - } - - for (int i = 0; i < array.length; i++) { - if (array[i].equals(value)) { - return true; - } - } - - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java deleted file mode 100644 index 927c64ec2..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java +++ /dev/null @@ -1,291 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Locale; - -import netscape.security.x509.KeyUsageExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.KeyUsageExtDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserExtensionDefault; - -/** - * This class implements the key usage extension constraint. - * It checks if the key usage constraint in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class KeyUsageExtConstraint extends EnrollConstraint { - - public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; - public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; - public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; - public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; - public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly"; - public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; - - public KeyUsageExtConstraint() { - super(); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_DIGITAL_SIGNATURE); - addConfigName(CONFIG_NON_REPUDIATION); - addConfigName(CONFIG_KEY_ENCIPHERMENT); - addConfigName(CONFIG_DATA_ENCIPHERMENT); - addConfigName(CONFIG_KEY_AGREEMENT); - addConfigName(CONFIG_KEY_CERTSIGN); - addConfigName(CONFIG_CRL_SIGN); - addConfigName(CONFIG_ENCIPHER_ONLY); - addConfigName(CONFIG_DECIPHER_ONLY); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); - } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); - } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); - } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); - } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); - } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); - } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); - } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); - } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); - } - return null; - } - - public boolean isSet(boolean bits[], int position) { - if (bits.length <= position) - return false; - return bits[position]; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.KeyUsage_Id.toString())); - } - - boolean[] bits = ext.getBits(); - String value = getConfig(CONFIG_CRITICAL); - - if (!isOptional(value)) { - boolean critical = getBoolean(value); - - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); - } - } - value = getConfig(CONFIG_DIGITAL_SIGNATURE); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_NON_REPUDIATION); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_KEY_ENCIPHERMENT); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_DATA_ENCIPHERMENT); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_KEY_AGREEMENT); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_KEY_CERTSIGN); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_CRL_SIGN); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_ENCIPHER_ONLY); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 7)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_DECIPHER_ONLY); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != isSet(bits, 8)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", - value)); - } - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof KeyUsageExtDefault) - return true; - if (def instanceof UserExtensionDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java deleted file mode 100644 index 843360542..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java +++ /dev/null @@ -1,243 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Locale; - -import netscape.security.extensions.NSCertTypeExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NSCertTypeExtDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserExtensionDefault; - -/** - * This class implements the Netscape certificate type extension constraint. - * It checks if the Netscape certificate type extension in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class NSCertTypeExtConstraint extends EnrollConstraint { - - public static final String CONFIG_CRITICAL = "nsCertCritical"; - public static final String CONFIG_SSL_CLIENT = "nsCertSSLClient"; - public static final String CONFIG_SSL_SERVER = "nsCertSSLServer"; - public static final String CONFIG_EMAIL = "nsCertEmail"; - public static final String CONFIG_OBJECT_SIGNING = "nsCertObjectSigning"; - public static final String CONFIG_SSL_CA = "nsCertSSLCA"; - public static final String CONFIG_EMAIL_CA = "nsCertEmailCA"; - public static final String CONFIG_OBJECT_SIGNING_CA = "nsCertObjectSigningCA"; - - public NSCertTypeExtConstraint() { - super(); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_SSL_CLIENT); - addConfigName(CONFIG_SSL_SERVER); - addConfigName(CONFIG_EMAIL); - addConfigName(CONFIG_OBJECT_SIGNING); - addConfigName(CONFIG_SSL_CA); - addConfigName(CONFIG_EMAIL_CA); - addConfigName(CONFIG_OBJECT_SIGNING_CA); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); - } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); - } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); - } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); - } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); - } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); - } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", - "-", - CMS.getUserMessage(locale, - "CMS_PROFILE_OBJECT_SIGNING_CA")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - NSCertTypeExtension.CertType_Id.toString())); - } - - String value = getConfig(CONFIG_CRITICAL); - - if (!isOptional(value)) { - boolean critical = getBoolean(value); - - if (critical != ext.isCritical()) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); - } - } - value = getConfig(CONFIG_SSL_CLIENT); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(0)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_SSL_SERVER); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(1)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_EMAIL); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(2)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_OBJECT_SIGNING); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(3)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_SSL_CA); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(4)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SSL_CA_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_EMAIL_CA); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(5)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", - value)); - } - } - value = getConfig(CONFIG_OBJECT_SIGNING_CA); - if (!isOptional(value)) { - boolean bit = getBoolean(value); - - if (bit != ext.isSet(6)) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", - value)); - } - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof NSCertTypeExtDefault) - return true; - if (def instanceof UserExtensionDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java deleted file mode 100644 index 459e9f219..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java +++ /dev/null @@ -1,101 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements no constraint. - * - * @version $Revision$, $Date$ - */ -public class NoConstraint implements IPolicyConstraint { - - public static final String CONFIG_NAME = "name"; - - private IConfigStore mConfig = null; - private Vector<String> mNames = new Vector<String>(); - - public Enumeration<String> getConfigNames() { - return mNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void setConfig(String name, String value) - throws EPropertyException { - } - - public String getConfig(String name) { - return null; - } - - public String getDefaultConfig(String name) { - return null; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request) - throws ERejectException { - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT"); - } - - public String getName(Locale locale) { - try { - return mConfig.getString(CONFIG_NAME); - } catch (EBaseException e) { - return null; - } - } - - public boolean isApplicable(IPolicyDefault def) { - return true; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java deleted file mode 100644 index fb01d7d14..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ /dev/null @@ -1,165 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.math.BigInteger; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; - -/** - * This class supports renewal grace period, which has two - * parameters: graceBefore and graceAfter - * - * @author Christina Fu - * @version $Revision$, $Date$ - */ -public class RenewGracePeriodConstraint extends EnrollConstraint { - - // for renewal: # of days before the orig cert expiration date - public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore"; - // for renewal: # of days after the orig cert expiration date - public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter"; - - public RenewGracePeriodConstraint() { - super(); - addConfigName(CONFIG_RENEW_GRACE_BEFORE); - addConfigName(CONFIG_RENEW_GRACE_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RENEW_GRACE_BEFORE) || - name.equals(CONFIG_RENEW_GRACE_AFTER)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RENEW_GRACE_BEFORE)) { - return new Descriptor(IDescriptor.INTEGER, null, "30", - CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_BEFORE")); - } else if (name.equals(CONFIG_RENEW_GRACE_AFTER)) { - return new Descriptor(IDescriptor.INTEGER, null, "30", - CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_AFTER")); - } - return null; - } - - public void validate(IRequest req, X509CertInfo info) - throws ERejectException { - String origExpDate_s = req.getExtDataInString("origNotAfter"); - // probably not for renewal - if (origExpDate_s == null) { - return; - } else { - CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); - } - CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); - BigInteger origExpDate_BI = new BigInteger(origExpDate_s); - Date origExpDate = new Date(origExpDate_BI.longValue()); - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - int renew_grace_before = 0; - int renew_grace_after = 0; - BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); - BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s); - - // -1 means no limit - if (renew_grace_before_s == "") - renew_grace_before = -1; - else - renew_grace_before = Integer.parseInt(renew_grace_before_s); - - if (renew_grace_after_s == "") - renew_grace_after = -1; - else - renew_grace_after = Integer.parseInt(renew_grace_after_s); - - if (renew_grace_before > 0) - renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); - if (renew_grace_after > 0) - renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); - - Date current = CMS.getCurrentDate(); - long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" - + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); - - /* - * "days", if positive, has to be less than renew_grace_before - * "days", if negative, means already past expiration date, - * (abs value) has to be less than renew_grace_after - * if renew_grace_before or renew_grace_after are negative - * the one with negative value is ignored - */ - if (millisDiff >= 0) { - if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before + " days before and " + - renew_grace_after + " days after original cert expiration date")); - } - } else { - if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before + " days before and " + - renew_grace_after + " days after original cert expiration date")); - } - } - } - - public String getText(Locale locale) { - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", - renew_grace_before_s + " days before and " + - renew_grace_after_s + " days after original cert expiration date"); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java deleted file mode 100644 index 4dbe329b3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ /dev/null @@ -1,160 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.SigningAlgDefault; -import com.netscape.cms.profile.def.UserSigningAlgDefault; - -/** - * This class implements the signing algorithm constraint. - * It checks if the signing algorithm in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class SigningAlgConstraint extends EnrollConstraint { - - public static final String CONFIG_ALGORITHMS_ALLOWED = "signingAlgsAllowed"; - - private static StringBuffer sb = new StringBuffer(""); - static { - for (int i = 0; i < AlgorithmId.ALL_SIGNING_ALGORITHMS.length; i++) { - if (i > 0) { - sb.append(","); - } - sb.append(AlgorithmId.ALL_SIGNING_ALGORITHMS[i]); - } - } - public static final String DEF_CONFIG_ALGORITHMS = new String(sb); - - public SigningAlgConstraint() { - super(); - addConfigName(CONFIG_ALGORITHMS_ALLOWED); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - - if (mConfig.getSubStore("params") == null) { - CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null"); - } else { - CMS.debug("SigningAlgConstraint: setConfig name=" + name + - " value=" + value); - - if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { - StringTokenizer st = new StringTokenizer(value, ","); - while (st.hasMoreTokens()) { - String v = st.nextToken(); - if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); - } - } - } - mConfig.getSubStore("params").putString(name, value); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { - return new Descriptor(IDescriptor.STRING, null, - DEF_CONFIG_ALGORITHMS, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - CertificateAlgorithmId algId = null; - - try { - algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); - - Vector<String> mCache = new Vector<String>(); - StringTokenizer st = new StringTokenizer( - getConfig(CONFIG_ALGORITHMS_ALLOWED), ","); - - while (st.hasMoreTokens()) { - String token = st.nextToken(); - - mCache.addElement(token); - } - - if (!mCache.contains(id.toString())) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString())); - } - } catch (Exception e) { - if (e instanceof ERejectException) { - throw (ERejectException) e; - } - CMS.debug("SigningAlgConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND")); - } - - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", - getConfig(CONFIG_ALGORITHMS_ALLOWED)); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UserSigningAlgDefault) - return true; - if (def instanceof SigningAlgDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java deleted file mode 100644 index 477e99b98..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java +++ /dev/null @@ -1,136 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.SubjectNameDefault; -import com.netscape.cms.profile.def.UserSubjectNameDefault; - -/** - * This class implements the subject name constraint. - * It checks if the subject name in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class SubjectNameConstraint extends EnrollConstraint { - - public static final String CONFIG_PATTERN = "pattern"; - - public SubjectNameConstraint() { - // configuration names - addConfigName(CONFIG_PATTERN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN")); - } else { - return null; - } - } - - public String getDefaultConfig(String name) { - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - CMS.debug("SubjectNameConstraint: validate start"); - CertificateSubjectName sn = null; - - try { - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameConstraint: validate cert subject =" + - sn.toString()); - } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - X500Name sn500 = null; - - try { - sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME); - } catch (IOException e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - if (sn500 == null) { - CMS.debug("SubjectNameConstraint: validate() - sn500 is null"); - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } else { - CMS.debug("SubjectNameConstraint: validate() - sn500 " + - CertificateSubjectName.DN_NAME + " = " + - sn500.toString()); - } - if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) { - CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN)); - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", - sn500.toString())); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", - getConfig(CONFIG_PATTERN)); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof SubjectNameDefault) - return true; - if (def instanceof UserSubjectNameDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java deleted file mode 100644 index f10130aa6..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java +++ /dev/null @@ -1,295 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.util.Enumeration; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.dbs.certdb.ICertRecord; -import com.netscape.certsrv.dbs.certdb.ICertRecordList; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; - -/** - * This constraint is to check for publickey uniqueness. - * The config param "allowSameKeyRenewal" enables the - * situation where if the publickey is not unique, and if - * the subject DN is the same, that is a "renewal". - * - * Another "feature" that is quoted out of this code is the - * "revokeDupKeyCert" option, which enables the revocation - * of certs that bear the same publickey as the enrolling - * request. Since this can potentially be abused, it is taken - * out and preserved in comments to allow future refinement. - * - * @version $Revision$, $Date$ - */ -public class UniqueKeyConstraint extends EnrollConstraint { - /* - public static final String CONFIG_REVOKE_DUPKEY_CERT = - "revokeDupKeyCert"; - boolean mRevokeDupKeyCert = false; - */ - public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = - "allowSameKeyRenewal"; - boolean mAllowSameKeyRenewal = false; - public ICertificateAuthority mCA = null; - - public UniqueKeyConstraint() { - super(); - /* - addConfigName(CONFIG_REVOKE_DUPKEY_CERT); - */ - addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - /* - if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); - } - */ - if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); - } - return null; - } - - public String getDefaultConfig(String name) { - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - boolean rejected = false; - int size = 0; - ICertRecordList list; - - /* - mRevokeDupKeyCert = - getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); - */ - mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); - - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) - infokey.get(CertificateX509Key.KEY); - - // check for key uniqueness - byte pub[] = key.getEncoded(); - String pub_s = escapeBinaryData(pub); - String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")"; - list = - (ICertRecordList) - mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); - size = list.getSize(); - - } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_INTERNAL_ERROR", e.toString())); - } - - /* - * It does not matter if the corresponding cert's status - * is valid or not, we don't want a key that was once - * generated before - */ - if (size > 0) { - CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); - - /* - The following code revokes the existing certs that have - the same public key as the one submitted for enrollment - request. However, it is not a good idea due to possible - abuse. It is therefore commented out. It is still - however still maintained for possible utilization at later - time - - // if configured to revoke duplicated key - // revoke cert - if (mRevokeDupKeyCert) { - try { - Enumeration e = list.getCertRecords(0, size-1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - - // revoke the cert - BigInteger serialNum = cert.getSerialNumber(); - ICAService service = (ICAService) mCA.getCAService(); - - RevokedCertImpl crlEntry = - formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); - service.revokeCert(crlEntry); - CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); - } - } catch (Exception ex) { - CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); - } - } // revoke dupkey cert turned on - */ - - if (mAllowSameKeyRenewal == true) { - X500Name sjname_in_db = null; - X500Name sjname_in_req = null; - - try { - // get subject of request - CertificateSubjectName subName = - (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - - if (subName != null) { - - sjname_in_req = - (X500Name) subName.get(CertificateSubjectName.DN_NAME); - CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString()); - Enumeration<ICertRecord> e = list.getCertRecords(0, size - 1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - String certDN = - cert.getSubjectDN().toString(); - CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN); - - sjname_in_db = new X500Name(certDN); - - if (sjname_in_db.equals(sjname_in_req) == false) { - rejected = true; - break; - } else { - rejected = false; - } - } // while - } else { //subName is null - rejected = true; - } - } catch (Exception ex1) { - CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString()); - rejected = true; - } // try - - } else { - rejected = true; - }// allowSameKeyRenewal - } // (size > 0) - - if (rejected == true) { - CMS.debug("UniqueKeyConstraint: rejected"); - throw new ERejectException( - CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DUPLICATE_KEY")); - } else { - CMS.debug("UniqueKeyConstraint: approved"); - } - } - - /** - * make a CRL entry from a serial number and revocation reason. - * - * @return a RevokedCertImpl that can be entered in a CRL. - * - * protected RevokedCertImpl formCRLEntry( - * BigInteger serialNo, RevocationReason reason) - * throws EBaseException { - * CRLReasonExtension reasonExt = new CRLReasonExtension(reason); - * CRLExtensions crlentryexts = new CRLExtensions(); - * - * try { - * crlentryexts.set(CRLReasonExtension.NAME, reasonExt); - * } catch (IOException e) { - * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); - * - * // throw new ECMSGWException( - * // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); - * - * } - * RevokedCertImpl crlentry = - * new RevokedCertImpl(serialNo, CMS.getCurrentDate(), - * crlentryexts); - * - * return crlentry; - * } - */ - - public String getText(Locale locale) { - String params[] = { - /* - getConfig(CONFIG_REVOKE_DUPKEY_CERT), - */ - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params); - } - - public static String escapeBinaryData(byte data[]) { - StringBuffer sb = new StringBuffer(); - - for (int i = 0; i < data.length; i++) { - int v = 0xff & data[i]; - sb.append("\\"); - sb.append((v < 16 ? "0" : "")); - sb.append(Integer.toHexString(v)); - } - return sb.toString(); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UniqueKeyConstraint) - return true; - - return false; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java deleted file mode 100644 index 7a985b631..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ /dev/null @@ -1,251 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; - -import netscape.security.x509.CRLExtensions; -import netscape.security.x509.CRLReasonExtension; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.Extension; -import netscape.security.x509.KeyUsageExtension; -import netscape.security.x509.RevocationReason; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.dbs.certdb.ICertRecord; -import com.netscape.certsrv.dbs.certdb.ICertificateRepository; -import com.netscape.certsrv.dbs.certdb.IRevocationInfo; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.SubjectNameDefault; -import com.netscape.cms.profile.def.UserSubjectNameDefault; - -/** - * This class implements the unique subject name constraint. - * It checks if the subject name in the certificate is - * unique in the internal database, ie, no two certificates - * have the same subject name. - * - * @version $Revision$, $Date$ - */ -public class UniqueSubjectNameConstraint extends EnrollConstraint { - - public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; - private boolean mKeyUsageExtensionChecking = true; - - public UniqueSubjectNameConstraint() { - addConfigName(CONFIG_KEY_USAGE_EXTENSION_CHECKING); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); - } - return null; - } - - public String getDefaultConfig(String name) { - return null; - } - - /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. - */ - private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { - X509CertImpl impl = rec.getCertificate(); - boolean bits[] = impl.getKeyUsage(); - - CertificateExtensions extensions = null; - - try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); - } catch (IOException e) { - } catch (java.security.cert.CertificateException e) { - } - KeyUsageExtension ext = null; - - if (extensions == null) { - if (bits != null) - return false; - } else { - try { - ext = (KeyUsageExtension) extensions.get( - KeyUsageExtension.NAME); - } catch (IOException e) { - // extension isn't there. - } - - if (ext == null) { - if (bits != null) - return false; - } else { - boolean[] InfoBits = ext.getBits(); - - if (InfoBits == null) { - if (bits != null) - return false; - } else { - if (bits == null) - return false; - if (InfoBits.length != bits.length) { - return false; - } - for (int i = 0; i < InfoBits.length; i++) { - if (InfoBits[i] != bits[i]) - return false; - } - } - } - } - return true; - } - - /** - * Validates the request. The request is not modified - * during the validation. - * - * Rules are as follows: - * If the subject name is not unique, then the request will be rejected unless: - * 1. the certificate is expired or expired_revoked - * 2. the certificate is revoked and the revocation reason is not "on hold" - * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - CMS.debug("UniqueSubjectNameConstraint: validate start"); - CertificateSubjectName sn = null; - IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); - - mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); - ICertificateRepository certdb = null; - if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority) authority; - certdb = ca.getCertificateRepository(); - } - - try { - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - - String certsubjectname = null; - if (sn == null) - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - else { - certsubjectname = sn.toString(); - String filter = "x509Cert.subject=" + certsubjectname; - Enumeration<ICertRecord> sameSubjRecords = null; - try { - sameSubjRecords = certdb.findCertRecords(filter); - } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString()); - } - while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { - ICertRecord rec = sameSubjRecords.nextElement(); - String status = rec.getStatus(); - - IRevocationInfo revocationInfo = rec.getRevocationInfo(); - RevocationReason reason = null; - - if (revocationInfo != null) { - CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions(); - - if (crlExts != null) { - Enumeration<Extension> enumx = crlExts.getElements(); - - while (enumx.hasMoreElements()) { - Extension ext = enumx.nextElement(); - - if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason(); - } - } - } - } - - if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { - continue; - } - - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && - (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { - continue; - } - - if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) { - continue; - } - - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", - certsubjectname)); - } - } - CMS.debug("UniqueSubjectNameConstraint: validate end"); - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) - }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", - params); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof SubjectNameDefault) - return true; - if (def instanceof UserSubjectNameDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java deleted file mode 100644 index 98a7b4f96..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ /dev/null @@ -1,218 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.constraint; - -import java.io.IOException; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ERejectException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.def.CAValidityDefault; -import com.netscape.cms.profile.def.NoDefault; -import com.netscape.cms.profile.def.UserValidityDefault; -import com.netscape.cms.profile.def.ValidityDefault; - -/** - * This class implements the validity constraint. - * It checks if the validity in the certificate - * template satisfies the criteria. - * - * @version $Revision$, $Date$ - */ -public class ValidityConstraint extends EnrollConstraint { - - public static final String CONFIG_RANGE = "range"; - public static final String CONFIG_NOT_BEFORE_GRACE_PERIOD = "notBeforeGracePeriod"; - public static final String CONFIG_CHECK_NOT_BEFORE = "notBeforeCheck"; - public static final String CONFIG_CHECK_NOT_AFTER = "notAfterCheck"; - public final static long SECS_IN_MS = 1000L; - - private Date mDefNotBefore = null; - private Date mDefNotAfter = null; - - public ValidityConstraint() { - super(); - addConfigName(CONFIG_RANGE); - addConfigName(CONFIG_NOT_BEFORE_GRACE_PERIOD); - addConfigName(CONFIG_CHECK_NOT_BEFORE); - addConfigName(CONFIG_CHECK_NOT_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE) || - name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.INTEGER, null, "365", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); - } else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD")); - } else if (name.equals(CONFIG_CHECK_NOT_BEFORE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE")); - } else if (name.equals(CONFIG_CHECK_NOT_AFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER")); - } - return null; - } - - /** - * Validates the request. The request is not modified - * during the validation. - */ - public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - CertificateValidity v = null; - - try { - v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); - } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); - } - Date notBefore = null; - - try { - notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE); - } catch (IOException e) { - CMS.debug("ValidityConstraint: not before not found"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); - } - Date notAfter = null; - - try { - notAfter = (Date) v.get(CertificateValidity.NOT_AFTER); - } catch (IOException e) { - CMS.debug("ValidityConstraint: not after not found"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); - } - - if (notAfter.getTime() < notBefore.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < notBefore (" + notBefore + ")"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE")); - } - - long millisDiff = notAfter.getTime() - notBefore.getTime(); - CMS.debug("ValidityConstraint: millisDiff=" - + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); - long long_days = (millisDiff / 1000) / 86400; - CMS.debug("ValidityConstraint: long_days: " + long_days); - int days = (int) long_days; - CMS.debug("ValidityConstraint: days: " + days); - - if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", - Integer.toString(days))); - } - - // 613828 - // The validity field shall specify a notBefore value - // that does not precede the current time and a notAfter - // value that does not precede the value specified in - // notBefore (test can be automated; try entering violating - // time values and check result). - String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE); - boolean notBeforeCheck; - - if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) { - notBeforeCheckStr = "false"; - } - notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); - - String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER); - boolean notAfterCheck; - - if (notAfterCheckStr == null || notAfterCheckStr.equals("")) { - notAfterCheckStr = "false"; - } - notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); - - String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD); - if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) { - notBeforeGracePeriodStr = "0"; - } - long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) * SECS_IN_MS; - - Date current = CMS.getCurrentDate(); - if (notBeforeCheck) { - if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) { - CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " + - "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); - } - } - if (notAfterCheck) { - if (notAfter.getTime() < current.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < current + (" + current + ")"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT")); - } - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", getConfig(CONFIG_RANGE)); - } - - public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; - if (def instanceof UserValidityDefault) - return true; - if (def instanceof ValidityDefault) - return true; - if (def instanceof CAValidityDefault) - return true; - return false; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java deleted file mode 100644 index 4e4f951f7..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ /dev/null @@ -1,454 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.extensions.AccessDescription; -import netscape.security.extensions.AuthInfoAccessExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Authuority Info Access extension. - * - * @version $Revision$, $Date$ - */ -public class AuthInfoAccessExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "authInfoAccessCritical"; - public static final String CONFIG_NUM_ADS = "authInfoAccessNumADs"; - public static final String CONFIG_AD_ENABLE = "authInfoAccessADEnable_"; - public static final String CONFIG_AD_METHOD = "authInfoAccessADMethod_"; - public static final String CONFIG_AD_LOCATIONTYPE = "authInfoAccessADLocationType_"; - public static final String CONFIG_AD_LOCATION = "authInfoAccessADLocation_"; - - public static final String VAL_CRITICAL = "authInfoAccessCritical"; - public static final String VAL_GENERAL_NAMES = "authInfoAccessGeneralNames"; - - private static final String AD_METHOD = "Method"; - private static final String AD_LOCATION_TYPE = "Location Type"; - private static final String AD_LOCATION = "Location"; - private static final String AD_ENABLE = "Enable"; - - private static final int DEF_NUM_AD = 1; - private static final int MAX_NUM_AD = 100; - - public AuthInfoAccessExtDefault() { - super(); - } - - protected int getNumAds() { - int num = DEF_NUM_AD; - String numAds = getConfig(CONFIG_NUM_ADS); - - if (numAds != null) { - try { - num = Integer.parseInt(numAds); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num > MAX_NUM_AD) { - num = DEF_NUM_AD; - } - - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - mConfigNames.removeAllElements(); - addValueName(VAL_CRITICAL); - addValueName(VAL_GENERAL_NAMES); - - // register configuration names bases on num ads - addConfigName(CONFIG_CRITICAL); - int num = getNumAds(); - - addConfigName(CONFIG_NUM_ADS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_AD_METHOD + i); - addConfigName(CONFIG_AD_LOCATIONTYPE + i); - addConfigName(CONFIG_AD_LOCATION + i); - addConfigName(CONFIG_AD_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); - } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); - } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); - } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - AuthInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - boolean critical = ext.isCritical(); - - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - ext = new AuthInfoAccessExtension(critical); - String method = null; - String locationType = null; - String location = null; - String enable = null; - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(AD_METHOD)) { - method = nvps.get(name1); - } else if (name1.equals(AD_LOCATION_TYPE)) { - locationType = nvps.get(name1); - } else if (name1.equals(AD_LOCATION)) { - location = nvps.get(name1); - } else if (name1.equals(AD_ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - GeneralName gn = null; - - if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); - if (interface1 == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); - gn = new GeneralName(interface1); - } - - if (method != null) { - try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); - } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: " + ee.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_AIA_OID", method)); - } - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (IOException e) { - CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - AuthInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (AuthInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - int num = getNumAds(); - - CMS.debug("AuthInfoAccess num=" + num); - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < num; i++) { - NameValuePairs np = new NameValuePairs(); - AccessDescription des = null; - - if (i < ext.numberOfAccessDescription()) { - des = ext.getAccessDescription(i); - } - if (des == null) { - np.put(AD_METHOD, ""); - np.put(AD_LOCATION_TYPE, ""); - np.put(AD_LOCATION, ""); - np.put(AD_ENABLE, "false"); - } else { - ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); - - np.put(AD_METHOD, methodOid.toString()); - np.put(AD_LOCATION_TYPE, getGeneralNameType(gn)); - np.put(AD_LOCATION, getGeneralNameValue(gn)); - np.put(AD_ENABLE, "true"); - } - recs.addElement(np); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer ads = new StringBuffer(); - int num = getNumAds(); - - for (int i = 0; i < num; i++) { - ads.append("Record #"); - ads.append(i); - ads.append("{"); - ads.append(AD_METHOD + ":"); - ads.append(getConfig(CONFIG_AD_METHOD + i)); - ads.append(","); - ads.append(AD_LOCATION_TYPE + ":"); - ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i)); - ads.append(","); - ads.append(AD_LOCATION + ":"); - ads.append(getConfig(CONFIG_AD_LOCATION + i)); - ads.append(","); - ads.append(AD_ENABLE + ":"); - ads.append(getConfig(CONFIG_AD_ENABLE + i)); - ads.append("}"); - } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", - getConfig(CONFIG_CRITICAL), ads.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - AuthInfoAccessExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; - int num = getNumAds(); - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - ext = new AuthInfoAccessExtension(critical); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_AD_ENABLE + i); - if (enable != null && enable.equals("true")) { - CMS.debug("AuthInfoAccess: createExtension i=" + i); - String method = getConfig(CONFIG_AD_METHOD + i); - String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i); - if (locationType == null || locationType.length() == 0) - locationType = "URIName"; - String location = getConfig(CONFIG_AD_LOCATION + i); - - if (location == null || location.equals("")) { - if (method.equals("1.3.6.1.5.5.7.48.1")) { - String hostname = CMS.getEENonSSLHost(); - String port = CMS.getEENonSSLPort(); - if (hostname != null && port != null) - // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://" + hostname + ":" + port + "/ca/ocsp"; - } - } - - String s = locationType + ":" + location; - GeneralNameInterface gn = parseGeneralName(s); - if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); - } - } - } - } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java deleted file mode 100644 index 6c0f6e9fc..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ /dev/null @@ -1,152 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileAuthenticator; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy that - * populates subject name based on the attribute values - * in the authentication token (AuthToken) object. - * - * @version $Revision$, $Date$ - */ -public class AuthTokenSubjectNameDefault extends EnrollDefault { - - public static final String VAL_NAME = "name"; - - public AuthTokenSubjectNameDefault() { - super(); - addValueName(VAL_NAME); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - CMS.debug("AuthTokenSubjectNameDefault: begins"); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); - } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); - // failed to build x500 name - } - CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " + - e.toString()); - } - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) - throw new EPropertyException("Invalid name " + name); - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " + - e.toString()); - } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - - // authenticate the subject name and populate it - // to the certinfo - try { - X500Name name = new X500Name( - request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME)); - - CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString()); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java deleted file mode 100644 index 6ec75990c..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ /dev/null @@ -1,190 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.AuthorityKeyIdentifierExtension; -import netscape.security.x509.KeyIdentifier; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Authority Key Identifier extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { - - public static final String VAL_CRITICAL = "critical"; - public static final String VAL_KEY_ID = "keyid"; - - public AuthorityKeyIdentifierExtDefault() { - super(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_KEY_ID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_ID")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - // do nothing for read only value - } else if (name.equals(VAL_KEY_ID)) { - // do nothing for read only value - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - AuthorityKeyIdentifierExtension ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_KEY_ID)) { - ext = - (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - - if (ext == null) { - // do something here - return ""; - } - KeyIdentifier kid = null; - - try { - kid = (KeyIdentifier) - ext.get(AuthorityKeyIdentifierExtension.KEY_ID); - } catch (IOException e) { - // - CMS.debug(e.toString()); - } - if (kid == null) - return ""; - return toHexString(kid.getIdentifier()); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AKI_EXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - AuthorityKeyIdentifierExtension ext = createExtension(info); - - addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); - } - - public AuthorityKeyIdentifierExtension createExtension(X509CertInfo info) { - KeyIdentifier kid = null; - String localKey = getConfig("localKey"); - if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); - } else { - kid = getCAKeyIdentifier(); - } - - if (kid == null) - return null; - AuthorityKeyIdentifierExtension ext = null; - - try { - ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); - } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java deleted file mode 100644 index 043cf029b..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java +++ /dev/null @@ -1,96 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that automatically assign request to agent. - * - * @version $Revision$, $Date$ - */ -public class AutoAssignDefault extends EnrollDefault { - - public static final String CONFIG_ASSIGN_TO = "assignTo"; - - public AutoAssignDefault() { - super(); - addConfigName(CONFIG_ASSIGN_TO); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, - null, "admin", CMS.getUserMessage(locale, - "CMS_PROFILE_AUTO_ASSIGN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - return null; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - return null; - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - try { - request.setRequestOwner( - mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("AutoAssignDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java deleted file mode 100644 index c442bf576..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ /dev/null @@ -1,297 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Basic Constraint extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class BasicConstraintsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = "basicConstraintsIsCA"; - public static final String CONFIG_PATH_LEN = "basicConstraintsPathLen"; - - public static final String VAL_CRITICAL = "basicConstraintsCritical"; - public static final String VAL_IS_CA = "basicConstraintsIsCA"; - public static final String VAL_PATH_LEN = "basicConstraintsPathLen"; - - public BasicConstraintsExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_IS_CA); - addValueName(VAL_PATH_LEN); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_IS_CA); - addConfigName(CONFIG_PATH_LEN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); - } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", - CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); - } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, - "-1", - CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - BasicConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { - return; - } - Boolean isCA = Boolean.valueOf(value); - - ext.set(BasicConstraintsExtension.IS_CA, isCA); - } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - Integer pathLen = Integer.valueOf(value); - - ext.set(BasicConstraintsExtension.PATH_LEN, pathLen); - } else { - throw new EPropertyException("Invalid name " + name); - } - replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { - CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - - return isCA.toString(); - } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - Integer pathLen = (Integer) - ext.get(BasicConstraintsExtension.PATH_LEN); - - String pLen = null; - - pLen = pathLen.toString(); - if (pLen.equals("-2")) { - //This is done for bug 621700. Profile constraints actually checks for -1 - //The low level security class for some reason sets this to -2 - //This will allow the request to be approved successfuly by the agent. - - pLen = "-1"; - - } - - CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - - return pLen; - - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), - getConfig(CONFIG_PATH_LEN) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - BasicConstraintsExtension ext = createExtension(); - - addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, - info); - } - - public BasicConstraintsExtension createExtension() { - BasicConstraintsExtension ext = null; - - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); - boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue(); - String pathLenStr = getConfig(CONFIG_PATH_LEN); - - int pathLen = -2; - - if (!pathLenStr.equals("")) { - - pathLen = Integer.valueOf(pathLenStr).intValue(); - } - - try { - ext = new BasicConstraintsExtension(isCA, critical, pathLen); - } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " + - e.toString()); - return null; - } - ext.setCritical(critical); - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java deleted file mode 100644 index 872e32960..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ /dev/null @@ -1,106 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; - -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.KeyIdentifier; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.SubjectKeyIdentifierExtension; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.ca.ICertificateAuthority; - -/** - * This class implements an abstract CA specific - * Enrollment default. This policy can only be - * used with CA subsystem. - * - * @version $Revision$, $Date$ - */ -public abstract class CAEnrollDefault extends EnrollDefault { - public CAEnrollDefault() { - } - - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key ckey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); - MessageDigest md = MessageDigest.getInstance("SHA-1"); - - md.update(key.getKey()); - byte[] hash = md.digest(); - - return new KeyIdentifier(hash); - } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); - } catch (CertificateException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); - } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); - } - return null; - } - - public KeyIdentifier getCAKeyIdentifier() { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - X509CertImpl caCert = ca.getCACert(); - if (caCert == null) { - // during configuration, we dont have the CA certificate - return null; - } - X509Key key = (X509Key) caCert.getPublicKey(); - - SubjectKeyIdentifierExtension subjKeyIdExt = - (SubjectKeyIdentifierExtension) - caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); - if (subjKeyIdExt != null) { - try { - KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( - SubjectKeyIdentifierExtension.KEY_ID); - return keyId; - } catch (IOException e) { - } - } - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - - md.update(key.getKey()); - byte[] hash = md.digest(); - - return new KeyIdentifier(hash); - } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + - e.toString()); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java deleted file mode 100644 index e3b834ce5..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ /dev/null @@ -1,348 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.text.ParsePosition; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements a CA signing cert enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. - * It allows an agent to bypass the CA's signing cert's expiration constraint - */ -public class CAValidityDefault extends EnrollDefault { - public static final String CONFIG_RANGE = "range"; - public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; - - public static final String VAL_NOT_BEFORE = "notBefore"; - public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; - - public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; - - private long mDefault = 86400000; // 1 days - public ICertificateAuthority mCA = null; - - public CAValidityDefault() { - super(); - addConfigName(CONFIG_RANGE); - addConfigName(CONFIG_START_TIME); - addConfigName(CONFIG_BYPASS_CA_NOTAFTER); - - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - addValueName(VAL_BYPASS_CA_NOTAFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mCA = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", /* 8 years */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); - } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); - } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); - - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - CMS.debug("CAValidityDefault: setValue name= " + name); - - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, - date); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity); - - BasicConstraintsExtension ext = (BasicConstraintsExtension) - getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - - if (ext == null) { - CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); - return; - } - try { - Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); - if (isCA.booleanValue() != true) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); - return; - } - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString()); - return; - } - - CertificateValidity validity = null; - Date notAfter = null; - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - // not to exceed CA's expiration - Date caNotAfter = - mCA.getSigningUnit().getCertImpl().getNotAfter(); - - if (notAfter.after(caNotAfter)) { - if (bypassCAvalidity == false) { - notAfter = caNotAfter; - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity off. reset notAfter to caNotAfter. reset "); - } else { - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity on. notAfter is after caNotAfter. no reset"); - } - } - try { - validity.set(CertificateValidity.NOT_AFTER, - notAfter); - } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - - CMS.debug("CAValidityDefault: getValue: name= " + name); - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); - } catch (Exception e) { - CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); - } catch (Exception e) { - CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return "false"; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_RANGE), - getConfig(CONFIG_BYPASS_CA_NOTAFTER) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - - // always + 60 seconds - String startTimeStr = getConfig(CONFIG_START_TIME); - try { - startTimeStr = mapPattern(request, startTimeStr); - } catch (IOException e) { - CMS.debug("CAValidityDefault: populate " + e.toString()); - } - - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); - long notAfterVal = 0; - - try { - String rangeStr = getConfig(CONFIG_RANGE); - rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); - } catch (Exception e) { - // configured value is not correct - CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - Date notAfter = new Date(notAfterVal); - - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); - - try { - info.set(X509CertInfo.VALIDITY, validity); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java deleted file mode 100644 index d1def3d5d..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java +++ /dev/null @@ -1,696 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.util.BitArray; -import netscape.security.x509.CRLDistributionPoint; -import netscape.security.x509.CRLDistributionPointsExtension; -import netscape.security.x509.CRLDistributionPointsExtension.Reason; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.GeneralNamesException; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.RDN; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a CRL Distribution points extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class CRLDistributionPointsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "crlDistPointsCritical"; - public static final String CONFIG_NUM_POINTS = "crlDistPointsNum"; - public static final String CONFIG_POINT_TYPE = "crlDistPointsPointType_"; - public static final String CONFIG_POINT_NAME = "crlDistPointsPointName_"; - public static final String CONFIG_REASONS = "crlDistPointsReasons_"; - public static final String CONFIG_ISSUER_TYPE = "crlDistPointsIssuerType_"; - public static final String CONFIG_ISSUER_NAME = "crlDistPointsIssuerName_"; - public static final String CONFIG_ENABLE = "crlDistPointsEnable_"; - - public static final String VAL_CRITICAL = "crlDistPointsCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = "crlDistPointsValue"; - - private static final String REASONS = "Reasons"; - private static final String POINT_TYPE = "Point Type"; - private static final String POINT_NAME = "Point Name"; - private static final String ISSUER_TYPE = "Issuer Type"; - private static final String ISSUER_NAME = "Issuer Name"; - private static final String ENABLE = "Enable"; - - private static final String RELATIVETOISSUER = "RelativeToIssuer"; - - private static final int DEF_NUM_POINTS = 1; - private static final int MAX_NUM_POINTS = 100; - - public CRLDistributionPointsExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_CRL_DISTRIBUTION_POINTS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPoints(); - - addConfigName(CONFIG_NUM_POINTS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_POINT_TYPE + i); - addConfigName(CONFIG_POINT_NAME + i); - addConfigName(CONFIG_REASONS + i); - addConfigName(CONFIG_ISSUER_TYPE + i); - addConfigName(CONFIG_ISSUER_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } - } - - protected int getNumPoints() { - int num = DEF_NUM_POINTS; - String val = getConfig(CONFIG_NUM_POINTS); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_POINTS) - num = DEF_NUM_POINTS; - - return num; - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); - } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); - } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); - } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); - } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); - - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - CRLDistributionPointsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - populate(locale, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - return; - } - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - boolean critical = ext.isCritical(); - int i = 0; - - for (; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - String pointType = null; - String pointValue = null; - String issuerType = null; - String issuerValue = null; - String enable = null; - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(REASONS)) { - addReasons(locale, cdp, REASONS, nvps.get(name1)); - } else if (name1.equals(POINT_TYPE)) { - pointType = nvps.get(name1); - } else if (name1.equals(POINT_NAME)) { - pointValue = nvps.get(name1); - } else if (name1.equals(ISSUER_TYPE)) { - issuerType = nvps.get(name1); - } else if (name1.equals(ISSUER_NAME)) { - issuerValue = nvps.get(name1); - } else if (name1.equals(ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(locale, cdp, pointType, pointValue); - if (issuerType != null) - addIssuer(locale, cdp, issuerType, issuerValue); - - // this is the first distribution point - if (i == 0) { - ext = new CRLDistributionPointsExtension(cdp); - ext.setCritical(critical); - } else { - ext.addPoint(cdp); - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("CRLDistributionPointsExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - try { - if (value == null || value.length() == 0) - return; - - if (type.equals(RELATIVETOISSUER)) { - cdp.setRelativeName(new RDN(value)); - } else if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type, value)); - cdp.setFullName(gen); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } - - private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - if (value == null || value.length() == 0) - return; - try { - if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - - gen.addElement(parseGeneralName(type, value)); - cdp.setCRLIssuer(gen); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); - } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + - e.toString()); - } - } - - private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - if (value == null || value.length() == 0) - return; - if (type.equals(REASONS)) { - if (value != null && !value.equals("")) { - StringTokenizer st = new StringTokenizer(value, ", \t"); - byte reasonBits = 0; - - while (st.hasMoreTokens()) { - String s = st.nextToken(); - Reason r = Reason.fromString(s); - - if (r == null) { - CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", s)); - } else { - reasonBits |= r.getBitMask(); - } - } - - if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] { reasonBits } - ); - - cdp.setReasons(ba); - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CRLDistributionPointsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - try { - populate(locale, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) - getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) - return ""; - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - int num = getNumPoints(); - - for (int i = 0; i < num; i++) { - NameValuePairs pairs = null; - - if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); - GeneralNames gns = p.getFullName(); - - pairs = buildGeneralNames(gns, p); - recs.addElement(pairs); - } else { - pairs = buildEmptyGeneralNames(); - recs.addElement(pairs); - } - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - protected NameValuePairs buildEmptyGeneralNames() { - NameValuePairs pairs = new NameValuePairs(); - - pairs.put(POINT_TYPE, ""); - pairs.put(POINT_NAME, ""); - pairs.put(REASONS, ""); - pairs.put(ISSUER_TYPE, ""); - pairs.put(ISSUER_NAME, ""); - pairs.put(ENABLE, "false"); - return pairs; - } - - protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { - - NameValuePairs pairs = new NameValuePairs(); - - RDN rdn = null; - boolean hasFullName = false; - - pairs.put(ENABLE, "true"); - if (gns == null) { - rdn = p.getRelativeName(); - if (rdn != null) { - hasFullName = true; - pairs.put(POINT_TYPE, RELATIVETOISSUER); - pairs.put(POINT_NAME, rdn.toString()); - } else { - pairs.put(POINT_TYPE, ""); - pairs.put(POINT_NAME, ""); - } - } else { - GeneralName gn = (GeneralName) gns.elementAt(0); - - if (gn != null) { - hasFullName = true; - - pairs.put(POINT_TYPE, getGeneralNameType(gn)); - pairs.put(POINT_NAME, getGeneralNameValue(gn)); - } - } - - if (!hasFullName) { - pairs.put(POINT_TYPE, GN_DIRECTORY_NAME); - pairs.put(POINT_NAME, ""); - } - - BitArray reasons = p.getReasons(); - String s = convertBitArrayToReasonNames(reasons); - - if (s.length() > 0) { - pairs.put(REASONS, s); - } else { - pairs.put(REASONS, ""); - } - - gns = p.getCRLIssuer(); - - if (gns == null) { - pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME); - pairs.put(ISSUER_NAME, ""); - } else { - GeneralName gn = (GeneralName) gns.elementAt(0); - - if (gn != null) { - hasFullName = true; - - pairs.put(ISSUER_TYPE, getGeneralNameType(gn)); - pairs.put(ISSUER_NAME, getGeneralNameValue(gn)); - } - } - return pairs; - } - - private String convertBitArrayToReasonNames(BitArray reasons) { - StringBuffer sb = new StringBuffer(); - - if (reasons != null) { - byte[] b = reasons.toByteArray(); - Reason[] reasonArray = Reason.bitArrayToReasonArray(b); - - for (int i = 0; i < reasonArray.length; i++) { - if (sb.length() > 0) - sb.append(","); - sb.append(reasonArray[i].getName()); - } - } - - return sb.toString(); - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPoints(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(POINT_TYPE + ":"); - sb.append(getConfig(CONFIG_POINT_TYPE + i)); - sb.append(","); - sb.append(POINT_NAME + ":"); - sb.append(getConfig(CONFIG_POINT_NAME + i)); - sb.append(","); - sb.append(REASONS + ":"); - sb.append(getConfig(CONFIG_REASONS + i)); - sb.append(","); - sb.append(ISSUER_TYPE + ":"); - sb.append(getConfig(CONFIG_ISSUER_TYPE + i)); - sb.append(","); - sb.append(ISSUER_NAME + ":"); - sb.append(getConfig(CONFIG_ISSUER_NAME + i)); - sb.append(","); - sb.append(ENABLE + ":"); - sb.append(getConfig(CONFIG_ENABLE + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - private void populate(Locale locale, X509CertInfo info) - throws EProfileException { - CRLDistributionPointsExtension ext = createExtension(locale); - - if (ext == null) - return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CRLDistributionPointsExtension ext = createExtension(request); - - if (ext == null) - return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), - ext, info); - } - - public CRLDistributionPointsExtension createExtension(IRequest request) { - CRLDistributionPointsExtension ext = null; - int num = 0; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - num = getNumPoints(); - for (int i = 0; i < num; i++) { - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); - String pointName = getConfig(CONFIG_POINT_NAME + i); - String reasons = getConfig(CONFIG_REASONS + i); - String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); - String issuerName = getConfig(CONFIG_ISSUER_NAME + i); - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, pointName); - if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, issuerName); - if (reasons != null) - addReasons(getLocale(request), cdp, REASONS, reasons); - - if (i == 0) { - ext = new CRLDistributionPointsExtension(cdp); - ext.setCritical(critical); - } else { - ext.addPoint(cdp); - } - } - } - } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); - CMS.debug(e); - } - - return ext; - } - - private CRLDistributionPointsExtension createExtension(Locale locale) { - CRLDistributionPointsExtension ext = null; - int num = 0; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - num = getNumPoints(); - for (int i = 0; i < num; i++) { - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); - String pointName = getConfig(CONFIG_POINT_NAME + i); - String reasons = getConfig(CONFIG_REASONS + i); - String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); - String issuerName = getConfig(CONFIG_ISSUER_NAME + i); - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(locale, cdp, pointType, pointName); - if (issuerType != null) - addIssuer(locale, cdp, issuerType, issuerName); - addReasons(locale, cdp, REASONS, reasons); - - if (i == 0) { - ext = new CRLDistributionPointsExtension(cdp); - ext.setCritical(critical); - } else { - ext.addPoint(cdp); - } - } - } - } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + - e.toString()); - CMS.debug(e); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java deleted file mode 100644 index 8d4ae2288..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ /dev/null @@ -1,796 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.CPSuri; -import netscape.security.x509.CertificatePoliciesExtension; -import netscape.security.x509.CertificatePolicyId; -import netscape.security.x509.CertificatePolicyInfo; -import netscape.security.x509.DisplayText; -import netscape.security.x509.NoticeReference; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.PolicyQualifiers; -import netscape.security.x509.Qualifier; -import netscape.security.x509.UserNotice; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class CertificatePoliciesExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "Critical"; - public static final String CONFIG_PREFIX = "PoliciesExt.certPolicy"; - public static final String CONFIG_PREFIX1 = "PolicyQualifiers"; - public static final String CONFIG_POLICY_ENABLE = "enable"; - public static final String CONFIG_POLICY_NUM = "PoliciesExt.num"; - public static final String CONFIG_POLICY_ID = "policyId"; - public static final String CONFIG_POLICY_QUALIFIERS_NUM = "PolicyQualifiers.num"; - public static final String CONFIG_CPSURI_ENABLE = "CPSURI.enable"; - public static final String CONFIG_USERNOTICE_ENABLE = "usernotice.enable"; - public static final String CONFIG_CPSURI_VALUE = "CPSURI.value"; - public static final String CONFIG_USERNOTICE_ORG = "usernotice.noticeReference.organization"; - public static final String CONFIG_USERNOTICE_NUMBERS = "usernotice.noticeReference.noticeNumbers"; - public static final String CONFIG_USERNOTICE_TEXT = "usernotice.explicitText.value"; - - public static final String VAL_CRITICAL = "Critical"; - public static final String VAL_POLICY_QUALIFIERS = "policyQualifiers"; - - private static final String SEPARATOR = "."; - private static final int DEF_NUM_POLICIES = 5; - private static final int DEF_NUM_QUALIFIERS = 1; - private static final int MAX_NUM_POLICIES = 20; - private static final String POLICY_ID_ENABLE = "Enable"; - private static final String POLICY_ID = "Policy Id"; - private static final String POLICY_QUALIFIER_CPSURI_ENABLE = "CPSuri Enable"; - private static final String POLICY_QUALIFIER_USERNOTICE_ENABLE = "UserNotice Enable"; - private static final String USERNOTICE_REF_ORG = "UserNoticeReference Organization"; - private static final String USERNOTICE_REF_NUMBERS = "UserNoticeReference Numbers"; - private static final String USERNOTICE_EXPLICIT_TEXT = "UserNoticeReference Explicit Text"; - private static final String CPSURI = "CPS uri"; - - public CertificatePoliciesExtDefault() { - super(); - } - - protected int getNumPolicies() { - int num = DEF_NUM_POLICIES; - String numPolicies = getConfig(CONFIG_POLICY_NUM); - - if (numPolicies != null) { - try { - num = Integer.parseInt(numPolicies); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_POLICIES) - num = DEF_NUM_POLICIES; - return num; - } - - protected int getNumQualifiers() { - int num = DEF_NUM_QUALIFIERS; - String numQualifiers = getConfig(CONFIG_POLICY_QUALIFIERS_NUM); - if (numQualifiers != null) { - try { - num = Integer.parseInt(numQualifiers); - } catch (NumberFormatException e) { - // ignore - } - } - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_POLICY_NUM)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_POLICIES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_POLICY_QUALIFIERS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPolicies(); - int numQualifiers = getNumQualifiers(); - - addConfigName(CONFIG_POLICY_NUM); - - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); - for (int j = 0; j < numQualifiers; j++) { - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); - } - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); - } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); - } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); - } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE")); - } else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_NUM")); - } else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG")); - } else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS")); - } else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT")); - } else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI")); - } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, - "5", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS")); - } - return null; - } - - private Hashtable<String, String> buildRecords(String value) throws EPropertyException { - StringTokenizer st = new StringTokenizer(value, "\r\n"); - Hashtable<String, String> table = new Hashtable<String, String>(); - while (st.hasMoreTokens()) { - String token = (String) st.nextToken(); - int index = token.indexOf(":"); - if (index <= 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", token)); - String name = token.substring(0, index); - String val = ""; - if ((token.length() - 1) > index) { - val = token.substring(index + 1); - } - table.put(name, val); - } - - return table; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - CertificatePoliciesExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(val); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - - Hashtable<String, String> h = buildRecords(value); - - String numStr = (String) h.get(CONFIG_POLICY_NUM); - int size = Integer.parseInt(numStr); - - Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>(); - for (int i = 0; i < size; i++) { - String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); - CertificatePolicyInfo cinfo = null; - if (enable != null && enable.equals("true")) { - String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); - CertificatePolicyId cpolicyId = getPolicyId(policyId); - - String qualifersNum = - (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); - PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - int num = 0; - if (qualifersNum != null && qualifersNum.length() > 0) - num = Integer.parseInt(qualifersNum); - for (int j = 0; j < num; j++) { - String cpsuriEnable = - (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - String usernoticeEnable = - (String) h - .get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR - + CONFIG_USERNOTICE_ENABLE); - if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = - (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && enable.equals("true")) { - String org = - (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR - + CONFIG_USERNOTICE_ORG); - String noticenumbers = - (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR - + CONFIG_USERNOTICE_NUMBERS); - String explicitText = - (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR - + CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } - } - - if (policyQualifiers.size() <= 0) { - cinfo = - new CertificatePolicyInfo(cpolicyId); - } else { - cinfo = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); - } - if (cinfo != null) - certificatePolicies.addElement(cinfo); - } - } - - ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (IOException e) { - CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - @SuppressWarnings("unchecked") - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CertificatePoliciesExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) - getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - info); - - if (ext == null) - return ""; - - StringBuffer sb = new StringBuffer(); - int num_policies = getNumPolicies(); - sb.append(CONFIG_POLICY_NUM); - sb.append(":"); - sb.append(num_policies); - sb.append("\n"); - Vector<CertificatePolicyInfo> infos; - - try { - infos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS); - } catch (IOException ee) { - infos = null; - } - - for (int i = 0; i < num_policies; i++) { - int qSize = 0; - String policyId = ""; - String policyEnable = "false"; - PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = - infos.elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); - policyId = id1.getIdentifier().toString(); - policyEnable = "true"; - qualifiers = cinfo.getPolicyQualifiers(); - if (qualifiers != null) - qSize = qualifiers.size(); - infos.removeElementAt(0); - } - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); - sb.append(":"); - sb.append(policyEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - sb.append(":"); - sb.append(policyId); - sb.append("\n"); - - if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); - sb.append(":"); - sb.append(DEF_NUM_QUALIFIERS); - sb.append("\n"); - } else { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); - sb.append(":"); - sb.append(qSize); - sb.append("\n"); - } - if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); - sb.append(":"); - sb.append("false"); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - sb.append(":"); - sb.append("false"); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - sb.append(":"); - sb.append(""); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); - sb.append(":"); - sb.append(""); - sb.append("\n"); - } - - for (int j = 0; j < qSize; j++) { - netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); - ObjectIdentifier oid = qinfo.getId(); - Qualifier qualifier = qinfo.getQualifier(); - - String cpsuriEnable = "false"; - String usernoticeEnable = "false"; - String cpsuri = ""; - String org = ""; - StringBuffer noticeNum = new StringBuffer(); - String explicitText = ""; - - if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { - cpsuriEnable = "true"; - CPSuri content = (CPSuri) qualifier; - cpsuri = content.getURI(); - } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { - usernoticeEnable = "true"; - UserNotice content = (UserNotice) qualifier; - NoticeReference ref = content.getNoticeReference(); - if (ref != null) { - org = ref.getOrganization().getText(); - int[] nums = ref.getNumbers(); - for (int k = 0; k < nums.length; k++) { - if (k != 0) { - noticeNum.append(","); - noticeNum.append(nums[k]); - } else - noticeNum.append(nums[k]); - } - } - DisplayText displayText = content.getDisplayText(); - if (displayText != null) - explicitText = displayText.getText(); - } - - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - sb.append(":"); - sb.append(cpsuriEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); - sb.append(":"); - sb.append(cpsuri); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - sb.append(":"); - sb.append(usernoticeEnable); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - sb.append(":"); - sb.append(org); - sb.append("\n"); - sb.append(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - sb.append(":"); - sb.append(noticeNum.toString()); - sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); - sb.append(":"); - sb.append(explicitText); - sb.append("\n"); - } - } // end of for loop - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPolicies(); - int num1 = getNumQualifiers(); - - try { - IConfigStore basesubstore = getConfigStore().getSubStore("params"); - sb.append("{"); - sb.append(CONFIG_POLICY_NUM + ":"); - sb.append(num); - sb.append(","); - for (int i = 0; i < num; i++) { - sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); - String enable = substore.getString(CONFIG_POLICY_ENABLE, ""); - sb.append(POLICY_ID_ENABLE + ":"); - sb.append(enable); - sb.append(","); - String policyId = substore.getString(CONFIG_POLICY_ID, ""); - sb.append(POLICY_ID + ":"); - sb.append(policyId); - sb.append(","); - String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); - sb.append(qualifiersNum); - sb.append(","); - for (int j = 0; j < num1; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); - sb.append("{"); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); - sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); - sb.append(cpsuriEnable); - sb.append(","); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); - sb.append(usernoticeEnable); - sb.append(","); - String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); - sb.append(USERNOTICE_REF_ORG + ":"); - sb.append(org); - sb.append(","); - String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, ""); - sb.append(USERNOTICE_REF_NUMBERS + ":"); - sb.append(refNums); - sb.append(","); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, ""); - sb.append(USERNOTICE_EXPLICIT_TEXT + ":"); - sb.append(explicitText); - sb.append(","); - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - sb.append(CPSURI + ":"); - sb.append(cpsuri); - sb.append("}"); - } - sb.append("}"); - } - sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } catch (Exception e) { - return ""; - } - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificatePoliciesExtension ext = createExtension(); - - if (ext == null) - return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); - } - - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>(); - int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num); - IConfigStore config = getConfigStore(); - - for (int i = 0; i < num; i++) { - IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i); - String enable = substore.getString(CONFIG_POLICY_ENABLE); - - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable); - if (enable != null && enable.equals("true")) { - String policyId = substore.getString(CONFIG_POLICY_ID); - CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " - + i + " policyId=" + policyId); - int qualifierNum = getNumQualifiers(); - PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j = 0; j < qualifierNum; j++) { - IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j); - String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); - String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); - - if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null && - usernoticeEnable.equals("true")) { - - String org = substore1.getString(CONFIG_USERNOTICE_ORG); - String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); - String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, - noticenumbers, explicitText); - if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } - } - - CertificatePolicyInfo info = null; - if (policyQualifiers.size() <= 0) { - info = - new CertificatePolicyInfo(cpolicyId); - } else { - info = - new CertificatePolicyInfo(cpolicyId, policyQualifiers); - } - - if (info != null) - certificatePolicies.addElement(info); - } - } - - ext = new CertificatePoliciesExtension(critical, certificatePolicies); - } catch (EPropertyException e) { - throw new EProfileException(e.toString()); - } catch (EProfileException e) { - throw e; - } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " + - e.toString()); - } - - return ext; - } - - private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException { - if (policyId == null || policyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); - - CertificatePolicyId cpolicyId = null; - try { - cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); - return cpolicyId; - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); - } - } - - private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { - if (uri == null || uri.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); - - CPSuri cpsURI = new CPSuri(uri); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, - cpsURI); - - return policyQualifierInfo2; - } - - private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, - String noticeText, String noticeNums) throws EPropertyException { - - if ((organization == null || organization.length() == 0) && - (noticeNums == null || noticeNums.length() == 0) && - (noticeText == null || noticeText.length() == 0)) - return null; - - DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) - explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); - - int nums[] = null; - if (noticeNums != null && noticeNums.length() > 0) { - Vector<String> numsVector = new Vector<String>(); - StringTokenizer tokens = new StringTokenizer(noticeNums, ";"); - while (tokens.hasMoreTokens()) { - String num = tokens.nextToken().trim(); - numsVector.addElement(num); - } - - nums = new int[numsVector.size()]; - try { - for (int i = 0; i < numsVector.size(); i++) { - Integer ii = new Integer((String) numsVector.elementAt(i)); - nums[i] = ii.intValue(); - } - } catch (Exception e) { - throw new EPropertyException("Wrong notice numbers"); - } - } - - DisplayText orgName = null; - if (organization != null && organization.length() > 0) { - orgName = - new DisplayText(DisplayText.tag_VisibleString, organization); - } - - NoticeReference noticeReference = null; - - if (orgName != null) - noticeReference = new NoticeReference(orgName, nums); - - UserNotice userNotice = null; - if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice(noticeReference, explicitText); - - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo( - netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); - return policyQualifierInfo1; - } - - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java deleted file mode 100644 index d30f971dd..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java +++ /dev/null @@ -1,193 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.Locale; - -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class CertificateVersionDefault extends EnrollExtDefault { - - public static final String CONFIG_VERSION = "certVersionNum"; - - public static final String VAL_VERSION = "certVersionNum"; - - public CertificateVersionDefault() { - super(); - addValueName(VAL_VERSION); - - addConfigName(CONFIG_VERSION); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); - } else { - return null; - } - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_VERSION)) { - if (value == null || value.equals("")) - throw new EPropertyException(name + " cannot be empty"); - else { - int version = Integer.valueOf(value).intValue() - 1; - - if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); - else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); - else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("CertificateVersionDefault: setValue " + e.toString()); - } catch (CertificateException e) { - CMS.debug("CertificateVersionDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - if (name.equals(VAL_VERSION)) { - CertificateVersion v = null; - try { - v = (CertificateVersion) info.get( - X509CertInfo.VERSION); - } catch (Exception e) { - } - - if (v == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - int version = v.compare(0); - - return "" + (version + 1); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_VERSION) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue() - 1; - - try { - if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V1)); - else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V2)); - else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - else { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } - } catch (IOException e) { - } catch (CertificateException e) { - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java deleted file mode 100644 index 67ebadbe4..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ /dev/null @@ -1,815 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.NoSuchElementException; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.extensions.KerberosName; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.DNSName; -import netscape.security.x509.EDIPartyName; -import netscape.security.x509.Extension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.IPAddressName; -import netscape.security.x509.OIDName; -import netscape.security.x509.OtherName; -import netscape.security.x509.RFC822Name; -import netscape.security.x509.URIName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IAttrSet; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.pattern.Pattern; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ICertInfoPolicyDefault; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements an enrollment default policy. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { - - public static final String PROP_NAME = "name"; - - public static final String GN_RFC822_NAME = "RFC822Name"; - public static final String GN_DNS_NAME = "DNSName"; - public static final String GN_URI_NAME = "URIName"; - public static final String GN_IP_NAME = "IPAddressName"; - public static final String GN_DIRECTORY_NAME = "DirectoryName"; - public static final String GN_EDI_NAME = "EDIPartyName"; - public static final String GN_ANY_NAME = "OtherName"; - public static final String GN_OID_NAME = "OIDName"; - - protected IConfigStore mConfig = null; - protected Vector<String> mConfigNames = new Vector<String>(); - protected Vector<String> mValueNames = new Vector<String>(); - - public EnrollDefault() { - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void addConfigName(String name) { - mConfigNames.addElement(name); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (mConfig.getSubStore("params") == null) { - // - } else { - mConfig.getSubStore("params").putString(name, value); - } - } - - public String getConfig(String name) { - try { - if (mConfig == null) - return null; - if (mConfig.getSubStore("params") != null) { - return mConfig.getSubStore("params").getString(name); - } - } catch (EBaseException e) { - } - return ""; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - /** - * Retrieves the localizable description of this policy. - * - * @param locale locale of the end user - * @return localized description of this default policy - */ - public abstract String getText(Locale locale); - - public IConfigStore getConfigStore() { - return mConfig; - } - - public String getName(Locale locale) { - try { - return mConfig.getString(PROP_NAME); - } catch (EBaseException e) { - return null; - } - } - - /** - * Populates attributes into the certificate template. - * - * @param request enrollment request - * @param info certificate template - * @exception EProfileException failed to populate attributes - * into request - */ - public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; - - /** - * Sets values from the approval page into certificate template. - * - * @param name name of the attribute - * @param locale user locale - * @param info certificate template - * @param value attribute value - * @exception EProfileException failed to set attributes - * into request - */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException; - - /** - * Retrieves certificate template values and returns them to - * the approval page. - * - * @param name name of the attribute - * @param locale user locale - * @param info certificate template - * @exception EProfileException failed to get attributes - * from request - */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException; - - /** - * Populates the request with this policy default. - * - * The current implementation extracts enrollment specific attributes - * and calls the populate() method of the subclass. - * - * @param request request to be populated - * @exception EProfileException failed to populate - */ - public void populate(IRequest request) - throws EProfileException { - String name = getClass().getName(); - - name = name.substring(name.lastIndexOf('.') + 1); - CMS.debug(name + ": populate start"); - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - populate(request, info); - - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - CMS.debug(name + ": populate end"); - } - - public void addValueName(String name) { - mValueNames.addElement(name); - } - - public Enumeration<String> getValueNames() { - return mValueNames.elements(); - } - - public IDescriptor getValueDescriptor(String name) { - return null; - } - - /** - * Sets the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the setValue() method of the subclass. - * - * @param name name of property - * @param locale locale of the end user - * @param request request - * @param value value to be set in the given request - * @exception EPropertyException failed to set property - */ - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - setValue(name, locale, info, value); - - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the value of the given value - * property by name. - * - * The current implementation extracts enrollment specific attributes - * and calls the getValue() method of the subclass. - * - * @param name name of property - * @param locale locale of the end user - * @param request request - * @exception EPropertyException failed to get property - */ - public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { - X509CertInfo info = - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - - String value = getValue(name, locale, info); - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - return value; - } - - public String toHexString(byte data[]) { - IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - String s = pp.toHexString(data, 0, 16); - StringTokenizer st = new StringTokenizer(s, "\n"); - StringBuffer buffer = new StringBuffer(); - - while (st.hasMoreTokens()) { - buffer.append(st.nextToken()); - buffer.append("\\n"); - } - return buffer.toString(); - } - - protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); - } - - protected void deleteExtension(String name, X509CertInfo info) { - CertificateExtensions exts = null; - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - if (exts == null) - return; - Enumeration<String> e = exts.getNames(); - - while (e.hasMoreElements()) { - String n = e.nextElement(); - Extension ext = (Extension) exts.get(n); - - if (ext.getExtensionId().toString().equals(name)) { - exts.delete(n); - } - } - } catch (Exception e) { - CMS.debug(e.toString()); - } - } - - protected Extension getExtension(String name, X509CertInfo info) { - CertificateExtensions exts = null; - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - } catch (Exception e) { - CMS.debug("EnrollDefault: getExtension " + e.toString()); - } - if (exts == null) - return null; - return getExtension(name, exts); - } - - protected Extension getExtension(String name, CertificateExtensions exts) { - if (exts == null) - return null; - Enumeration<Extension> e = exts.getAttributes(); - - while (e.hasMoreElements()) { - Extension ext = e.nextElement(); - - if (ext.getExtensionId().toString().equals(name)) { - return ext; - } - } - return null; - } - - protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { - if (ext == null) { - throw new EProfileException("extension not found"); - } - CertificateExtensions exts = null; - - Extension alreadyPresentExtension = getExtension(name, info); - - if (alreadyPresentExtension != null) { - String eName = ext.toString(); - CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName); - throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName)); - } - - try { - exts = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); - } catch (Exception e) { - CMS.debug("EnrollDefault: " + e.toString()); - } - if (exts == null) { - throw new EProfileException("extensions not found"); - } - try { - exts.set(name, ext); - } catch (IOException e) { - CMS.debug("EnrollDefault: " + e.toString()); - } - } - - protected void replaceExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { - deleteExtension(name, info); - addExtension(name, ext, info); - } - - protected boolean isOptional(String value) { - return value.equals(""); - } - - protected boolean getBoolean(String value) { - return Boolean.valueOf(value).booleanValue(); - } - - protected int getInt(String value) { - return Integer.valueOf(value).intValue(); - } - - protected boolean getConfigBoolean(String value) { - return getBoolean(getConfig(value)); - } - - protected int getConfigInt(String value) { - return getInt(getConfig(value)); - } - - protected boolean isGeneralNameValid(String name) { - if (name == null) - return false; - int pos = name.indexOf(':'); - if (pos == -1) - return false; - String nameValue = name.substring(pos + 1).trim(); - if (nameValue.equals("")) - return false; - return true; - } - - protected GeneralNameInterface parseGeneralName(String name) - throws IOException { - int pos = name.indexOf(':'); - if (pos == -1) - return null; - String nameType = name.substring(0, pos).trim(); - String nameValue = name.substring(pos + 1).trim(); - return parseGeneralName(nameType, nameValue); - } - - protected boolean isGeneralNameType(String nameType) { - if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; - } - if (nameType.equalsIgnoreCase("DNSName")) { - return true; - } - if (nameType.equalsIgnoreCase("x400")) { - return true; - } - if (nameType.equalsIgnoreCase("DirectoryName")) { - return true; - } - if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; - } - if (nameType.equalsIgnoreCase("URIName")) { - return true; - } - if (nameType.equalsIgnoreCase("IPAddress")) { - return true; - } - if (nameType.equalsIgnoreCase("OIDName")) { - return true; - } - if (nameType.equalsIgnoreCase("OtherName")) { - return true; - } - return false; - } - - protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) - throws IOException { - if (nameType.equalsIgnoreCase("RFC822Name")) { - return new RFC822Name(nameValue); - } - if (nameType.equalsIgnoreCase("DNSName")) { - return new DNSName(nameValue); - } - if (nameType.equalsIgnoreCase("x400")) { - // XXX - } - if (nameType.equalsIgnoreCase("DirectoryName")) { - return new X500Name(nameValue); - } - if (nameType.equalsIgnoreCase("EDIPartyName")) { - return new EDIPartyName(nameValue); - } - if (nameType.equalsIgnoreCase("URIName")) { - return new URIName(nameValue); - } - if (nameType.equalsIgnoreCase("IPAddress")) { - CMS.debug("IP Value:" + nameValue); - if (nameValue.indexOf('/') != -1) { - // CIDR support for NameConstraintsExt - StringTokenizer st = new StringTokenizer(nameValue, "/"); - String addr = st.nextToken(); - String netmask = st.nextToken(); - CMS.debug("addr:" + addr + " netmask: " + netmask); - return new IPAddressName(addr, netmask); - } else { - return new IPAddressName(nameValue); - } - } - if (nameType.equalsIgnoreCase("OIDName")) { - try { - // check if OID - new ObjectIdentifier(nameValue); - } catch (Exception e) { - return null; - } - return new OIDName(nameValue); - } - if (nameType.equals("OtherName")) { - if (nameValue == null || nameValue.length() == 0) - nameValue = " "; - if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(KerberosName)")) { - // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector<String> strings = new Vector<String>(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); - } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); - } else { - return null; - } - } else if (nameValue.startsWith("(Any)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } - } else { - return null; - } - } - return null; - } - - /** - * Converts string containing pairs of characters in the range of '0' - * to '9', 'a' to 'f' to an array of bytes such that each pair of - * characters in the string represents an individual byte - */ - public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[(stringLength / 2)]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); - } - return bytes; - } - - /** - * Check if a object identifier in string form is valid, - * that is a string in the form n.n.n.n and der encode and decode-able. - * - * @param oid object identifier string. - * @return true if the oid is valid - */ - public boolean isValidOID(String oid) { - ObjectIdentifier v = null; - try { - v = ObjectIdentifier.getObjectIdentifier(oid); - } catch (Exception e) { - return false; - } - if (v == null) - return false; - - // if the OID isn't valid (ex. n.n) the error isn't caught til - // encoding time leaving a bad request in the request queue. - try { - DerOutputStream derOut = new DerOutputStream(); - - derOut.putOID(v); - new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); - } catch (Exception e) { - return false; - } - return true; - } - - protected String buildRecords(Vector<NameValuePairs> recs) throws EPropertyException { - StringBuffer sb = new StringBuffer(); - - for (int i = 0; i < recs.size(); i++) { - NameValuePairs pairs = recs.elementAt(i); - - sb.append("Record #"); - sb.append(i); - sb.append("\r\n"); - - for (String key : pairs.keySet()) { - String val = pairs.get(key); - - sb.append(key); - sb.append(":"); - sb.append(val); - sb.append("\r\n"); - } - sb.append("\r\n"); - - } - return sb.toString(); - } - - protected Vector<NameValuePairs> parseRecords(String value) throws EPropertyException { - StringTokenizer st = new StringTokenizer(value, "\r\n"); - int num = 0; - Vector<NameValuePairs> v = new Vector<NameValuePairs>(); - NameValuePairs nvps = null; - - while (st.hasMoreTokens()) { - String token = st.nextToken(); - - if (token.equals("Record #" + num)) { - CMS.debug("parseRecords: Record" + num); - nvps = new NameValuePairs(); - v.addElement(nvps); - try { - token = st.nextToken(); - } catch (NoSuchElementException e) { - v.removeElementAt(num); - CMS.debug(e.toString()); - return v; - } - num++; - } - - if (nvps == null) - throw new EPropertyException("Bad Input Format"); - - int pos = token.indexOf(":"); - - if (pos <= 0) { - CMS.debug("parseRecords: No colon found in the input line"); - throw new EPropertyException("Bad Input Format"); - } else { - if (pos == (token.length() - 1)) { - nvps.put(token.substring(0, pos), ""); - } else { - nvps.put(token.substring(0, pos), token.substring(pos + 1)); - } - } - } - - return v; - } - - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { - int type = gn.getType(); - - if (type == GeneralNameInterface.NAME_RFC822) - return "RFC822Name"; - else if (type == GeneralNameInterface.NAME_DNS) - return "DNSName"; - else if (type == GeneralNameInterface.NAME_URI) - return "URIName"; - else if (type == GeneralNameInterface.NAME_IP) - return "IPAddress"; - else if (type == GeneralNameInterface.NAME_DIRECTORY) - return "DirectoryName"; - else if (type == GeneralNameInterface.NAME_EDI) - return "EDIPartyName"; - else if (type == GeneralNameInterface.NAME_ANY) - return "OtherName"; - else if (type == GeneralNameInterface.NAME_OID) - return "OIDName"; - - throw new EPropertyException("Unsupported type: " + type); - } - - protected String getGeneralNameValue(GeneralName gn) throws EPropertyException { - String s = gn.toString(); - int type = gn.getType(); - - if (type == GeneralNameInterface.NAME_DIRECTORY) - return s; - else { - int pos = s.indexOf(":"); - - if (pos <= 0) - throw new EPropertyException("Badly formatted general name: " + s); - else { - return s.substring(pos + 1).trim(); - } - } - } - - public Locale getLocale(IRequest request) { - Locale locale = null; - - if (request == null) - return null; - - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); - if (language != null) { - locale = new Locale(language); - } - return locale; - } - - public String toGeneralNameString(GeneralNameInterface gn) { - int type = gn.getType(); - // Sun's General Name is not consistent, so we need - // to do a special case for directory string - if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); - } - return gn.toString(); - } - - protected String mapPattern(IRequest request, String pattern) - throws IOException { - Pattern p = new Pattern(pattern); - IAttrSet attrSet = null; - if (request != null) { - attrSet = request.asIAttrSet(); - } - return p.substitute2("request", attrSet); - } - - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { - StringBuffer result = new StringBuffer(); - - // Do we need to escape any characters - for (int i = 0; i < v.length(); i++) { - int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i + 1) < v.length())) { - int nextC = v.charAt(i + 1); - if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || - nextC == '<' || nextC == '>' || nextC == '#' || - nextC == ';' || nextC == '\r' || nextC == '\n' || - nextC == '\\' || nextC == '"')) { - if (doubleEscape) - result.append('\\'); - } else { - result.append('\\'); - if (doubleEscape) - result.append('\\'); - } - } else { - result.append('\\'); - if (doubleEscape) - result.append('\\'); - } - } - if (c == '\r') { - result.append("0D"); - } else if (c == '\n') { - result.append("0A"); - } else { - result.append((char) c); - } - } - return result; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java deleted file mode 100644 index 24f79cdec..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ /dev/null @@ -1,28 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -/** - * This class implements an enrollment extension - * default policy that extension into the certificate - * template. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollExtDefault extends EnrollDefault { -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java deleted file mode 100644 index f1d63a348..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java +++ /dev/null @@ -1,250 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.security.extensions.ExtendedKeyUsageExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Extended Key Usage extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; - public static final String CONFIG_OIDS = "exKeyUsageOIDs"; - - public static final String VAL_CRITICAL = "exKeyUsageCritical"; - public static final String VAL_OIDS = "exKeyUsageOIDs"; - - public ExtendedKeyUsageExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_OIDS); - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_OIDS); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_OIDS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - ExtendedKeyUsageExtension ext = null; - - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - // ext.deleteAllOIDs(); - StringTokenizer st = new StringTokenizer(value, ","); - - if (ext == null) { - return; - } - while (st.hasMoreTokens()) { - String oid = st.nextToken(); - - ext.addOID(new ObjectIdentifier(oid)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - try { - replaceExtension(ExtendedKeyUsageExtension.OID, ext, info); - } catch (EProfileException e) { - CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) - getExtension(ExtendedKeyUsageExtension.OID, info); - StringBuffer sb = new StringBuffer(); - if (ext == null) { - return ""; - } - Enumeration<ObjectIdentifier> e = ext.getOIDs(); - - while (e.hasMoreElements()) { - ObjectIdentifier oid = e.nextElement(); - - if (!sb.toString().equals("")) { - sb.append(","); - } - sb.append(oid.toString()); - } - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OIDS) - }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - ExtendedKeyUsageExtension ext = createExtension(); - - addExtension(ExtendedKeyUsageExtension.OID, ext, info); - } - - public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; - - try { - ext = new ExtendedKeyUsageExtension(); - } catch (Exception e) { - CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + - e.toString()); - } - if (ext == null) - return null; - boolean critical = getBoolean(getConfig(CONFIG_CRITICAL)); - - ext.setCritical(critical); - StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ","); - - while (st.hasMoreTokens()) { - String oid = st.nextToken(); - - ext.addOID(new ObjectIdentifier(oid)); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java deleted file mode 100644 index acbbd1089..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ /dev/null @@ -1,584 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.CRLDistributionPoint; -import netscape.security.x509.FreshestCRLExtension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.GeneralNamesException; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Freshest CRL extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class FreshestCRLExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "freshestCRLCritical"; - public static final String CONFIG_NUM_POINTS = "freshestCRLPointNum"; - public static final String CONFIG_POINT_TYPE = "freshestCRLPointType_"; - public static final String CONFIG_POINT_NAME = "freshestCRLPointName_"; - public static final String CONFIG_ISSUER_TYPE = "freshestCRLPointIssuerType_"; - public static final String CONFIG_ISSUER_NAME = "freshestCRLPointIssuerName_"; - public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; - - public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = - "freshestCRLPointsValue"; - - private static final String POINT_TYPE = "Point Type"; - private static final String POINT_NAME = "Point Name"; - private static final String ISSUER_TYPE = "Issuer Type"; - private static final String ISSUER_NAME = "Issuer Name"; - private static final String ENABLE = "Enable"; - - private static final int DEF_NUM_POINTS = 1; - private static final int MAX_NUM_POINTS = 100; - - public FreshestCRLExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - protected int getNumPoints() { - int num = DEF_NUM_POINTS; - String val = getConfig(CONFIG_NUM_POINTS); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_POINTS) - num = DEF_NUM_POINTS; - - return num; - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - addValueName(VAL_CRITICAL); - addValueName(VAL_CRL_DISTRIBUTION_POINTS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPoints(); - - addConfigName(CONFIG_NUM_POINTS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_POINT_TYPE + i); - addConfigName(CONFIG_POINT_NAME + i); - addConfigName(CONFIG_ISSUER_TYPE + i); - addConfigName(CONFIG_ISSUER_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } - - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); - } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); - } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); - } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - FreshestCRLExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - if (ext == null) { - populate(locale, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - boolean critical = ext.isCritical(); - int i = 0; - - for (; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - String pointType = null; - String pointValue = null; - String issuerType = null; - String issuerValue = null; - String enable = null; - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(POINT_TYPE)) { - pointType = nvps.get(name1); - } else if (name1.equals(POINT_NAME)) { - pointValue = nvps.get(name1); - } else if (name1.equals(ISSUER_TYPE)) { - issuerType = nvps.get(name1); - } else if (name1.equals(ISSUER_NAME)) { - issuerValue = nvps.get(name1); - } else if (name1.equals(ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(locale, cdp, pointType, pointValue); - if (issuerType != null) - addIssuer(locale, cdp, issuerType, issuerValue); - - // this is the first distribution point - if (i == 0) { - ext = new FreshestCRLExtension(cdp); - ext.setCritical(critical); - } else { - ext.addPoint(cdp); - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - try { - if (value == null || value.length() == 0) - return; - - if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - - gen.addElement(parseGeneralName(type, value)); - cdp.setFullName(gen); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } - - private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, - String value) throws EPropertyException { - if (value == null || value.length() == 0) - return; - try { - if (isGeneralNameType(type)) { - GeneralNames gen = new GeneralNames(); - - gen.addElement(parseGeneralName(type, value)); - cdp.setCRLIssuer(gen); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", type)); - } - } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); - } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + - e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - FreshestCRLExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - if (ext == null) { - try { - populate(locale, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) - getExtension(FreshestCRLExtension.OID, - info); - - if (ext == null) - return ""; - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - int num = getNumPoints(); - for (int i = 0; i < num; i++) { - NameValuePairs pairs = null; - - if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); - GeneralNames gns = p.getFullName(); - - pairs = buildGeneralNames(gns, p); - } else { - pairs = buildEmptyGeneralNames(); - } - recs.addElement(pairs); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - protected NameValuePairs buildEmptyGeneralNames() { - NameValuePairs pairs = new NameValuePairs(); - - pairs.put(POINT_TYPE, ""); - pairs.put(POINT_NAME, ""); - pairs.put(ISSUER_TYPE, ""); - pairs.put(ISSUER_NAME, ""); - pairs.put(ENABLE, "false"); - return pairs; - } - - protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) - throws EPropertyException { - - NameValuePairs pairs = new NameValuePairs(); - - boolean hasFullName = false; - - pairs.put(ENABLE, "true"); - if (gns == null) { - pairs.put(POINT_TYPE, ""); - pairs.put(POINT_NAME, ""); - } else { - GeneralName gn = (GeneralName) gns.elementAt(0); - - if (gn != null) { - hasFullName = true; - - pairs.put(POINT_TYPE, getGeneralNameType(gn)); - pairs.put(POINT_NAME, getGeneralNameValue(gn)); - } - } - - if (!hasFullName) { - pairs.put(POINT_TYPE, GN_DIRECTORY_NAME); - pairs.put(POINT_NAME, ""); - } - - gns = p.getCRLIssuer(); - - if (gns == null) { - pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME); - pairs.put(ISSUER_NAME, ""); - } else { - GeneralName gn = (GeneralName) gns.elementAt(0); - - if (gn != null) { - hasFullName = true; - - pairs.put(ISSUER_TYPE, getGeneralNameType(gn)); - pairs.put(ISSUER_NAME, getGeneralNameValue(gn)); - } - } - return pairs; - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPoints(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(POINT_TYPE + ":"); - sb.append(getConfig(CONFIG_POINT_TYPE + i)); - sb.append(","); - sb.append(POINT_NAME + ":"); - sb.append(getConfig(CONFIG_POINT_NAME + i)); - sb.append(","); - sb.append(ISSUER_TYPE + ":"); - sb.append(getConfig(CONFIG_ISSUER_TYPE + i)); - sb.append(","); - sb.append(ISSUER_NAME + ":"); - sb.append(getConfig(CONFIG_ISSUER_NAME + i)); - sb.append(","); - sb.append(ENABLE + ":"); - sb.append(getConfig(CONFIG_ENABLE + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - FreshestCRLExtension ext = createExtension(request); - - if (ext == null) - return; - addExtension(FreshestCRLExtension.OID, ext, info); - } - - public FreshestCRLExtension createExtension(IRequest request) { - FreshestCRLExtension ext = new FreshestCRLExtension(); - int num = 0; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); - - num = getNumPoints(); - for (int i = 0; i < num; i++) { - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); - String pointName = getConfig(CONFIG_POINT_NAME + i); - String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); - String issuerName = getConfig(CONFIG_ISSUER_NAME + i); - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, pointName); - if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, issuerName); - - ext.addPoint(cdp); - } - } - } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); - } - - return ext; - } - - /** - * Populates the request with this policy default. - */ - private void populate(Locale locale, X509CertInfo info) - throws EProfileException { - FreshestCRLExtension ext = createExtension(locale); - - if (ext == null) - return; - addExtension(FreshestCRLExtension.OID, ext, info); - } - - public FreshestCRLExtension createExtension(Locale locale) { - FreshestCRLExtension ext = new FreshestCRLExtension(); - int num = 0; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); - - num = getNumPoints(); - for (int i = 0; i < num; i++) { - CRLDistributionPoint cdp = new CRLDistributionPoint(); - - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); - String pointName = getConfig(CONFIG_POINT_NAME + i); - String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); - String issuerName = getConfig(CONFIG_ISSUER_NAME + i); - - if (enable != null && enable.equals("true")) { - if (pointType != null) - addCRLPoint(locale, cdp, pointType, pointName); - if (issuerType != null) - addIssuer(locale, cdp, issuerType, issuerName); - - ext.addPoint(cdp); - } - } - } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java deleted file mode 100644 index 1797091b7..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ /dev/null @@ -1,260 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.util.DerOutputStream; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.Extension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class GenericExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "genericExtCritical"; - public static final String CONFIG_OID = "genericExtOID"; - public static final String CONFIG_DATA = "genericExtData"; - - public static final String VAL_CRITICAL = "genericExtCritical"; - public static final String VAL_DATA = "genericExtData"; - - public GenericExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_DATA); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_OID); - addConfigName(CONFIG_DATA); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } else if (name.equals(CONFIG_DATA)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_DATA)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - Extension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - - ext = (Extension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (Extension) - getExtension(oid.toString(), info); - if (ext == null) { - return; - } - boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_DATA)) { - ext = (Extension) - getExtension(oid.toString(), info); - if (ext == null) { - return; - } - byte data[] = getBytes(value); - ext.setExtensionValue(data); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (EProfileException e) { - CMS.debug("GenericExtDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - Extension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - - ext = (Extension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (Extension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_DATA)) { - - ext = (Extension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - byte data[] = ext.getExtensionValue(); - - if (data == null) - return ""; - - return toStr(data); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_OID), - getConfig(CONFIG_DATA) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params); - } - - public String toStr(byte data[]) { - StringBuffer b = new StringBuffer(); - for (int i = 0; i < data.length; i++) { - if ((data[i] & 0xff) < 16) { - b.append("0"); - } - b.append(Integer.toString((int) (data[i] & 0xff), 0x10)); - } - return b.toString(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - Extension ext = createExtension(request); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public Extension createExtension(IRequest request) { - Extension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - byte data[] = null; - - if (request == null) { - data = getBytes(getConfig(CONFIG_DATA)); - } else { - data = getBytes(mapPattern(request, getConfig(CONFIG_DATA))); - } - - DerOutputStream out = new DerOutputStream(); - out.putOctetString(data); - - ext = new Extension(oid, critical, out.toByteArray()); - } catch (Exception e) { - CMS.debug("GenericExtDefault: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java deleted file mode 100644 index 16a7ac402..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java +++ /dev/null @@ -1,105 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that shows an image in the approval page. - * - * @version $Revision$, $Date$ - */ -public class ImageDefault extends EnrollDefault { - - public static final String INPUT_IMAGE_URL = "image_url"; - - public static final String VAL_IMAGE_URL = "pd_image_url"; - - public ImageDefault() { - super(); - addValueName(VAL_IMAGE_URL); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_IMAGE_URL)) { - return new Descriptor(IDescriptor.IMAGE_URL, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_IMAGE")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - } - - public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - if (name.equals(VAL_IMAGE_URL)) { - return request.getExtDataInString(INPUT_IMAGE_URL); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - return null; - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java deleted file mode 100644 index 97cfb3ff4..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ /dev/null @@ -1,271 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.math.BigInteger; -import java.util.Locale; - -import netscape.security.extensions.InhibitAnyPolicyExtension; -import netscape.security.util.BigInt; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an inhibit Any-Policy extension - * - * @version $Revision$, $Date$ - */ -public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "critical"; - public static final String CONFIG_SKIP_CERTS = "skipCerts"; - - public static final String VAL_CRITICAL = "critical"; - public static final String VAL_SKIP_CERTS = "skipCerts"; - - private static final String SKIP_CERTS = "Skip Certs"; - private static final String GN_PATTERN = "Pattern"; - - public InhibitAnyPolicyExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_SKIP_CERTS); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_SKIP_CERTS); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_SKIP_CERTS)) { - return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); - } else { - return null; - } - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_SKIP_CERTS)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_SKIP_CERTS)) { - return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - InhibitAnyPolicyExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - boolean critical = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(critical); - } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - boolean critical = ext.isCritical(); - if (value.equals("")) { - // if value is empty, do not add this extension - deleteExtension(InhibitAnyPolicyExtension.OID, info); - return; - } - BigInt num = null; - try { - BigInteger l = new BigInteger(value); - num = new BigInt(l); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - ext = new InhibitAnyPolicyExtension(critical, - num); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); - } catch (EProfileException e) { - CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - InhibitAnyPolicyExtension ext = - (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - if (name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) - getExtension(InhibitAnyPolicyExtension.OID, info); - if (ext == null) { - return null; - } - - BigInt n = ext.getSkipCerts(); - return "" + n.toInt(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - /* - * returns text that goes into description for this extension on - * a profile - */ - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - sb.append(SKIP_CERTS + ":"); - sb.append(getConfig(CONFIG_SKIP_CERTS)); - - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - InhibitAnyPolicyExtension ext = null; - - ext = createExtension(request); - addExtension(InhibitAnyPolicyExtension.OID, ext, info); - } - - public InhibitAnyPolicyExtension createExtension(IRequest request) - throws EProfileException { - InhibitAnyPolicyExtension ext = null; - - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); - - String str = getConfig(CONFIG_SKIP_CERTS); - if (str == null || str.equals("")) { - ext = new InhibitAnyPolicyExtension(); - ext.setCritical(critical); - } else { - BigInt val = null; - try { - BigInteger b = new BigInteger(str); - val = new BigInt(b); - } catch (NumberFormatException e) { - throw new EProfileException( - CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); - } - - try { - ext = new InhibitAnyPolicyExtension(critical, val); - } catch (Exception e) { - CMS.debug(e.toString()); - } - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java deleted file mode 100644 index 251d8a3e7..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ /dev/null @@ -1,317 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.IssuerAlternativeNameExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a issuer alternative name extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class IssuerAltNameExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "issuerAltNameExtCritical"; - public static final String CONFIG_TYPE = "issuerAltExtType"; - public static final String CONFIG_PATTERN = "issuerAltExtPattern"; - - public static final String VAL_CRITICAL = "issuerAltNameExtCritical"; - public static final String VAL_GENERAL_NAMES = "issuerAltNames"; - - public IssuerAltNameExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_GENERAL_NAMES); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_TYPE); - addConfigName(CONFIG_PATTERN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); - } else if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - IssuerAlternativeNameExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - boolean critical = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(critical); - } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - if (value.equals("")) { - // if value is empty, do not add this extension - deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - return; - } - GeneralNames gn = new GeneralNames(); - StringTokenizer st = new StringTokenizer(value, "\r\n"); - - while (st.hasMoreTokens()) { - String gname = (String) st.nextToken(); - - GeneralNameInterface n = parseGeneralName(gname); - if (n != null) { - gn.addElement(n); - } - } - ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - replaceExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); - } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - IssuerAlternativeNameExtension ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - - if (ext == null) { - - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (IssuerAlternativeNameExtension) - getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if (ext == null) { - return ""; - } - - GeneralNames names = (GeneralNames) - ext.get(IssuerAlternativeNameExtension.ISSUER_NAME); - StringBuffer sb = new StringBuffer(); - Enumeration<GeneralNameInterface> e = names.elements(); - - while (e.hasMoreElements()) { - GeneralName gn = (GeneralName) e.nextElement(); - - if (!sb.toString().equals("")) { - sb.append("\r\n"); - } - sb.append(toGeneralNameString(gn)); - } - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: getValue " + - e.toString()); - } - return null; - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_PATTERN), - getConfig(CONFIG_TYPE) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - IssuerAlternativeNameExtension ext = null; - - try { - ext = createExtension(request); - - } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: populate " + e.toString()); - } - addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), - ext, info); - } - - public IssuerAlternativeNameExtension createExtension(IRequest request) - throws IOException { - IssuerAlternativeNameExtension ext = null; - - try { - ext = new IssuerAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException(e.toString()); - } - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); - String pattern = getConfig(CONFIG_PATTERN); - - if (!pattern.equals("")) { - GeneralNames gn = new GeneralNames(); - - String gname = ""; - - if (request != null) { - gname = mapPattern(request, pattern); - } - - gn.addElement(parseGeneralName( - getConfig(CONFIG_TYPE) + ":" + gname)); - ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); - } - ext.setCritical(critical); - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java deleted file mode 100644 index 1bfda9ad9..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java +++ /dev/null @@ -1,511 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.KeyUsageExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Key Usage extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class KeyUsageExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; - public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; - public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; - public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; - public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly"; - public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; - - public static final String VAL_CRITICAL = "keyUsageCritical"; - public static final String VAL_DIGITAL_SIGNATURE = - "keyUsageDigitalSignature"; - public static final String VAL_NON_REPUDIATION = - "keyUsageNonRepudiation"; - public static final String VAL_KEY_ENCIPHERMENT = - "keyUsageKeyEncipherment"; - public static final String VAL_DATA_ENCIPHERMENT = - "keyUsageDataEncipherment"; - public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; - public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; - public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; - public static final String VAL_ENCIPHER_ONLY = "keyUsageEncipherOnly"; - public static final String VAL_DECIPHER_ONLY = "keyUsageDecipherOnly"; - - public KeyUsageExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_DIGITAL_SIGNATURE); - addValueName(VAL_NON_REPUDIATION); - addValueName(VAL_KEY_ENCIPHERMENT); - addValueName(VAL_DATA_ENCIPHERMENT); - addValueName(VAL_KEY_AGREEMENT); - addValueName(VAL_KEY_CERTSIGN); - addValueName(VAL_CRL_SIGN); - addValueName(VAL_ENCIPHER_ONLY); - addValueName(VAL_DECIPHER_ONLY); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_DIGITAL_SIGNATURE); - addConfigName(CONFIG_NON_REPUDIATION); - addConfigName(CONFIG_KEY_ENCIPHERMENT); - addConfigName(CONFIG_DATA_ENCIPHERMENT); - addConfigName(CONFIG_KEY_AGREEMENT); - addConfigName(CONFIG_KEY_CERTSIGN); - addConfigName(CONFIG_CRL_SIGN); - addConfigName(CONFIG_ENCIPHER_ONLY); - addConfigName(CONFIG_DECIPHER_ONLY); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); - } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); - } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); - } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); - } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); - } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); - } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); - } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); - } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); - } else if (name.equals(VAL_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); - } else if (name.equals(VAL_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); - } else if (name.equals(VAL_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); - } else if (name.equals(VAL_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - KeyUsageExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - populate(null, info); - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); - } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.NON_REPUDIATION, val); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_AGREEMENT, val); - } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.KEY_CERTSIGN, val); - } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.CRL_SIGN, val); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); - } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(KeyUsageExtension.DECIPHER_ONLY, val); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); - } catch (IOException e) { - CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - KeyUsageExtension ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); - - return val.toString(); - } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.NON_REPUDIATION); - - return val.toString(); - } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); - - return val.toString(); - } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); - - return val.toString(); - } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_AGREEMENT); - - return val.toString(); - } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.KEY_CERTSIGN); - - return val.toString(); - } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.CRL_SIGN); - - return val.toString(); - } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.ENCIPHER_ONLY); - - return val.toString(); - } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) - getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) - ext.get(KeyUsageExtension.DECIPHER_ONLY); - - return val.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), - getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params); - - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - KeyUsageExtension ext = createKeyUsageExtension(); - - addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); - } - - public KeyUsageExtension createKeyUsageExtension() { - KeyUsageExtension ext = null; - boolean[] bits = new boolean[KeyUsageExtension.NBITS]; - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - bits[0] = getConfigBoolean(CONFIG_DIGITAL_SIGNATURE); - bits[1] = getConfigBoolean(CONFIG_NON_REPUDIATION); - bits[2] = getConfigBoolean(CONFIG_KEY_ENCIPHERMENT); - bits[3] = getConfigBoolean(CONFIG_DATA_ENCIPHERMENT); - bits[4] = getConfigBoolean(CONFIG_KEY_AGREEMENT); - bits[5] = getConfigBoolean(CONFIG_KEY_CERTSIGN); - bits[6] = getConfigBoolean(CONFIG_CRL_SIGN); - bits[7] = getConfigBoolean(CONFIG_ENCIPHER_ONLY); - bits[8] = getConfigBoolean(CONFIG_DECIPHER_ONLY); - try { - ext = new KeyUsageExtension(critical, bits); - } catch (Exception e) { - CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java deleted file mode 100644 index cc96f3e90..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java +++ /dev/null @@ -1,246 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.NSCCommentExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Netscape comment extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class NSCCommentExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nscCommentCritical"; - public static final String CONFIG_COMMENT = "nscCommentContent"; - - public static final String VAL_CRITICAL = "nscCommentCritical"; - public static final String VAL_COMMENT = "nscCommentContent"; - - public NSCCommentExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_COMMENT); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_COMMENT); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_COMMENT)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_COMMENT)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NSCCommentExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = NSCCommentExtension.OID; - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - boolean critical = ext.isCritical(); - - if (value == null || value.equals("")) - ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); - else - ext = new NSCCommentExtension(critical, value); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (IOException e) { - CMS.debug("NSCCommentExtDefault: setValue " + e.toString()); - } catch (EProfileException e) { - CMS.debug("NSCCommentExtDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - NSCCommentExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = NSCCommentExtension.OID; - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_COMMENT)) { - - ext = (NSCCommentExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - String comment = ext.getComment(); - - if (comment == null) - comment = ""; - - return comment; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_COMMENT) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NSCCommentExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - String comment = getConfig(CONFIG_COMMENT); - - if (comment == null || comment.equals("")) - ext = new NSCCommentExtension(critical, ""); - else - ext = new NSCCommentExtension(critical, comment); - } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java deleted file mode 100644 index 0677ef69f..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ /dev/null @@ -1,419 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.security.cert.CertificateException; -import java.util.Locale; - -import netscape.security.extensions.NSCertTypeExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Netscape Certificate Type extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class NSCertTypeExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nsCertCritical"; - public static final String CONFIG_SSL_CLIENT = "nsCertSSLClient"; - public static final String CONFIG_SSL_SERVER = "nsCertSSLServer"; - public static final String CONFIG_EMAIL = "nsCertEmail"; - public static final String CONFIG_OBJECT_SIGNING = "nsCertObjectSigning"; - public static final String CONFIG_SSL_CA = "nsCertSSLCA"; - public static final String CONFIG_EMAIL_CA = "nsCertEmailCA"; - public static final String CONFIG_OBJECT_SIGNING_CA = "nsCertObjectSigningCA"; - - public static final String VAL_CRITICAL = "nsCertCritical"; - public static final String VAL_SSL_CLIENT = "nsCertSSLClient"; - public static final String VAL_SSL_SERVER = "nsCertSSLServer"; - public static final String VAL_EMAIL = "nsCertEmail"; - public static final String VAL_OBJECT_SIGNING = "nsCertObjectSigning"; - public static final String VAL_SSL_CA = "nsCertSSLCA"; - public static final String VAL_EMAIL_CA = "nsCertEmailCA"; - public static final String VAL_OBJECT_SIGNING_CA = "nsCertObjectSigningCA"; - - public NSCertTypeExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_SSL_CLIENT); - addValueName(VAL_SSL_SERVER); - addValueName(VAL_EMAIL); - addValueName(VAL_OBJECT_SIGNING); - addValueName(VAL_SSL_CA); - addValueName(VAL_EMAIL_CA); - addValueName(VAL_OBJECT_SIGNING_CA); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_SSL_CLIENT); - addConfigName(CONFIG_SSL_SERVER); - addConfigName(CONFIG_EMAIL); - addConfigName(CONFIG_OBJECT_SIGNING); - addConfigName(CONFIG_SSL_CA); - addConfigName(CONFIG_EMAIL_CA); - addConfigName(CONFIG_OBJECT_SIGNING_CA); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); - } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); - } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); - } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); - } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); - } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); - } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); - } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); - } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); - } else if (name.equals(VAL_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); - } else if (name.equals(VAL_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NSCertTypeExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - populate(null, info); - - } - if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; - } - Boolean val = Boolean.valueOf(value); - - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, val); - } else { - throw new EPropertyException("Invalid name " + name); - } - replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); - } catch (CertificateException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } catch (EProfileException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - NSCertTypeExtension ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); - - return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); - - return val.toString(); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); - - return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); - - return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); - - return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA); - - return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) - getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return null; - } - Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA); - - return val.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (CertificateException e) { - CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); - } - return null; - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), - getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), - getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), - getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params); - - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NSCertTypeExtension ext = createExtension(); - - addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); - } - - public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; - boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - bits[0] = getConfigBoolean(CONFIG_SSL_CLIENT); - bits[1] = getConfigBoolean(CONFIG_SSL_SERVER); - bits[2] = getConfigBoolean(CONFIG_EMAIL); - bits[3] = getConfigBoolean(CONFIG_OBJECT_SIGNING); - bits[4] = getConfigBoolean(CONFIG_SSL_CA); - bits[5] = getConfigBoolean(CONFIG_EMAIL_CA); - bits[6] = getConfigBoolean(CONFIG_OBJECT_SIGNING_CA); - try { - ext = new NSCertTypeExtension(critical, bits); - } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java deleted file mode 100644 index e57d04067..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ /dev/null @@ -1,670 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.GeneralSubtree; -import netscape.security.x509.GeneralSubtrees; -import netscape.security.x509.NameConstraintsExtension; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a name constraint extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class NameConstraintsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = - "nameConstraintsNumPermittedSubtrees"; - public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; - public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; - public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; - public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; - public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - - public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; - public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; - public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; - public static final String CONFIG_EXCLUDED_NAME_CHOICE = "nameConstraintsExcludedSubtreeNameChoice_"; - public static final String CONFIG_EXCLUDED_NAME_VAL = "nameConstraintsExcludedSubtreeNameValue_"; - public static final String CONFIG_EXCLUDED_ENABLE = "nameConstraintsExcludedSubtreeEnable_"; - - public static final String VAL_CRITICAL = "nameConstraintsCritical"; - public static final String VAL_PERMITTED_SUBTREES = "nameConstraintsPermittedSubtreesValue"; - public static final String VAL_EXCLUDED_SUBTREES = "nameConstraintsExcludedSubtreesValue"; - - private static final String GENERAL_NAME_CHOICE = "GeneralNameChoice"; - private static final String GENERAL_NAME_VALUE = "GeneralNameValue"; - private static final String MIN_VALUE = "Min Value"; - private static final String MAX_VALUE = "Max Value"; - private static final String ENABLE = "Enable"; - - protected static final int DEF_NUM_PERMITTED_SUBTREES = 1; - protected static final int DEF_NUM_EXCLUDED_SUBTREES = 1; - protected static final int MAX_NUM_EXCLUDED_SUBTREES = 100; - protected static final int MAX_NUM_PERMITTED_SUBTREES = 100; - - public NameConstraintsExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - - } - - protected int getNumPermitted() { - int num = DEF_NUM_PERMITTED_SUBTREES; - String val = getConfig(CONFIG_NUM_PERMITTED_SUBTREES); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_PERMITTED_SUBTREES) - num = DEF_NUM_PERMITTED_SUBTREES; - return num; - } - - protected int getNumExcluded() { - int num = DEF_NUM_EXCLUDED_SUBTREES; - String val = getConfig(CONFIG_NUM_EXCLUDED_SUBTREES); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_EXCLUDED_SUBTREES) - num = DEF_NUM_EXCLUDED_SUBTREES; - - return num; - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); - } - } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { - - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - //refesh our config name list - - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_PERMITTED_SUBTREES); - addValueName(VAL_EXCLUDED_SUBTREES); - - addConfigName(CONFIG_CRITICAL); - int num = getNumPermitted(); - - addConfigName(CONFIG_NUM_PERMITTED_SUBTREES); - - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PERMITTED_MIN_VAL + i); - addConfigName(CONFIG_PERMITTED_MAX_VAL + i); - addConfigName(CONFIG_PERMITTED_NAME_CHOICE + i); - addConfigName(CONFIG_PERMITTED_NAME_VAL + i); - addConfigName(CONFIG_PERMITTED_ENABLE + i); - } - - num = getNumExcluded(); - - addConfigName(CONFIG_NUM_EXCLUDED_SUBTREES); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_EXCLUDED_MIN_VAL + i); - addConfigName(CONFIG_EXCLUDED_MAX_VAL + i); - addConfigName(CONFIG_EXCLUDED_NAME_CHOICE + i); - addConfigName(CONFIG_EXCLUDED_NAME_VAL + i); - addConfigName(CONFIG_EXCLUDED_ENABLE + i); - } - - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); - } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); - } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); - } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); - } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); - } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - NameConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for permitted subtrees ... returning"); - return; - } - - Vector<NameValuePairs> v = parseRecords(value); - - Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v); - - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return; - } - if ((value == null) || (value.equals("null")) || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " + - "blank value for excluded subtrees ... returning"); - return; - } - Vector<NameValuePairs> v = parseRecords(value); - - Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v); - - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); - } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private Vector<GeneralSubtree> createSubtrees(Locale locale, Vector<NameValuePairs> v) throws EPropertyException { - int size = v.size(); - String choice = null; - String val = ""; - String minS = null; - String maxS = null; - - Vector<GeneralSubtree> subtrees = new Vector<GeneralSubtree>(); - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(GENERAL_NAME_CHOICE)) { - choice = nvps.get(name1); - } else if (name1.equals(GENERAL_NAME_VALUE)) { - val = nvps.get(name1); - } else if (name1.equals(MIN_VALUE)) { - minS = nvps.get(name1); - } else if (name1.equals(MAX_VALUE)) { - maxS = nvps.get(name1); - } - } - - if (choice == null || choice.length() == 0) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); - } - - if (val == null) - val = ""; - - int min = 0; - int max = -1; - - if (minS != null && minS.length() > 0) - min = Integer.parseInt(minS); - if (maxS != null && maxS.length() > 0) - max = Integer.parseInt(maxS); - - GeneralName gn = null; - GeneralNameInterface gnI = null; - - try { - gnI = parseGeneralName(choice + ":" + val); - } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: createSubtress " + - e.toString()); - } - - if (gnI != null) { - gn = new GeneralName(gnI); - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); - } - GeneralSubtree subtree = new GeneralSubtree( - gn, min, max); - - subtrees.addElement(subtree); - } - - return subtrees; - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - NameConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) - return ""; - - GeneralSubtrees subtrees = null; - - try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); - } catch (IOException e) { - CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); - } - - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); - } - - return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) - getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - - if (ext == null) - return ""; - - GeneralSubtrees subtrees = null; - - try { - subtrees = (GeneralSubtrees) - ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); - } catch (IOException e) { - CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); - } - - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); - } - - return getSubtreesInfo(ext, subtrees); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { - Vector<GeneralSubtree> trees = subtrees.getSubtrees(); - int size = trees.size(); - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < size; i++) { - GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); - - GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); - int min = tree.getMinValue(); - - NameValuePairs pairs = new NameValuePairs(); - - pairs.put(GENERAL_NAME_CHOICE, type); - pairs.put(GENERAL_NAME_VALUE, getGeneralNameValue(gn)); - pairs.put(MIN_VALUE, Integer.toString(min)); - pairs.put(MAX_VALUE, Integer.toString(max)); - pairs.put(ENABLE, "true"); - - recs.addElement(pairs); - } - - return buildRecords(recs); - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumPermitted(); - - for (int i = 0; i < num; i++) { - sb.append("Permitted #"); - sb.append(i); - sb.append("{"); - sb.append(GENERAL_NAME_CHOICE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_NAME_CHOICE + i)); - sb.append(","); - sb.append(GENERAL_NAME_VALUE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_NAME_VAL + i)); - sb.append(","); - sb.append(MIN_VALUE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_MIN_VAL + i)); - sb.append(","); - sb.append(MAX_VALUE + ":"); - sb.append(getConfig(CONFIG_PERMITTED_MAX_VAL + i)); - sb.append("}"); - } - num = getNumExcluded(); - for (int i = 0; i < num; i++) { - sb.append("Exluded #"); - sb.append(i); - sb.append("{"); - sb.append(GENERAL_NAME_CHOICE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i)); - sb.append(","); - sb.append(GENERAL_NAME_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_NAME_VAL + i)); - sb.append(","); - sb.append(MIN_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_MIN_VAL + i)); - sb.append(","); - sb.append(MAX_VALUE + ":"); - sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - NameConstraintsExtension ext = createExtension(); - - addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); - } - - public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; - - try { - int num = getNumPermitted(); - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - Vector<GeneralSubtree> v = new Vector<GeneralSubtree>(); - - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_PERMITTED_ENABLE + i); - - if (enable != null && enable.equals("true")) { - String choice = getConfig(CONFIG_PERMITTED_NAME_CHOICE + i); - String value = getConfig(CONFIG_PERMITTED_NAME_VAL + i); - String minS = getConfig(CONFIG_PERMITTED_MIN_VAL + i); - String maxS = getConfig(CONFIG_PERMITTED_MAX_VAL + i); - - v.addElement(createSubtree(choice, value, minS, maxS)); - } - } - - Vector<GeneralSubtree> v1 = new Vector<GeneralSubtree>(); - - num = getNumExcluded(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_EXCLUDED_ENABLE + i); - - if (enable != null && enable.equals("true")) { - String choice = getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i); - String value = getConfig(CONFIG_EXCLUDED_NAME_VAL + i); - String minS = getConfig(CONFIG_EXCLUDED_MIN_VAL + i); - String maxS = getConfig(CONFIG_EXCLUDED_MAX_VAL + i); - - v1.addElement(createSubtree(choice, value, minS, maxS)); - } - } - - ext = new NameConstraintsExtension(critical, - new GeneralSubtrees(v), new GeneralSubtrees(v1)); - } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " + - e.toString()); - } - - return ext; - } - - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { - GeneralName gn = null; - GeneralNameInterface gnI = null; - - try { - gnI = parseGeneralName(choice + ":" + value); - } catch (IOException e) { - CMS.debug(e.toString()); - } - if (gnI != null) - gn = new GeneralName(gnI); - else - //throw new EPropertyException("GeneralName must not be null"); - return null; - - int min = 0; - - if (minS != null && minS.length() > 0) - min = Integer.parseInt(minS); - int max = -1; - - if (maxS != null && maxS.length() > 0) - max = Integer.parseInt(maxS); - - return (new GeneralSubtree(gn, min, max)); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java deleted file mode 100644 index 4678f4487..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ /dev/null @@ -1,111 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements no default policy. - * - * @version $Revision$, $Date$ - */ -public class NoDefault implements IPolicyDefault { - - public static final String PROP_NAME = "name"; - - protected Vector<String> mValues = new Vector<String>(); - protected Vector<String> mNames = new Vector<String>(); - protected IConfigStore mConfig = null; - - public Enumeration<String> getConfigNames() { - return mNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void setConfig(String name, String value) - throws EPropertyException { - } - - public String getDefaultConfig(String name) { - return null; - } - - public String getConfig(String name) { - return null; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request) - throws EProfileException { - } - - public Enumeration<String> getValueNames() { - return mValues.elements(); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - return null; - } - - public void setValue(String name, Locale locale, IRequest request, - String value) - throws EPropertyException { - } - - public String getValue(String name, Locale locale, IRequest request) { - return null; - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NO_DEFAULT"); - } - - public String getName(Locale locale) { - try { - return mConfig.getString(PROP_NAME); - } catch (EBaseException e) { - return null; - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java deleted file mode 100644 index 382f3cec3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java +++ /dev/null @@ -1,185 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.extensions.OCSPNoCheckExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates an OCSP No Check extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class OCSPNoCheckExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "ocspNoCheckCritical"; - - public static final String VAL_CRITICAL = "ocspNoCheckCritical"; - - public OCSPNoCheckExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addConfigName(CONFIG_CRITICAL); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) - getExtension(OCSPNoCheckExtension.OID, info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_OCSP_NO_CHECK_EXT", - getConfig(CONFIG_CRITICAL)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - OCSPNoCheckExtension ext = createExtension(); - - addExtension(OCSPNoCheckExtension.OID, ext, info); - } - - public OCSPNoCheckExtension createExtension() { - OCSPNoCheckExtension ext = null; - - try { - ext = new OCSPNoCheckExtension(); - } catch (Exception e) { - CMS.debug("OCSPNoCheckExtDefault: createExtension " + - e.toString()); - return null; - } - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - ext.setCritical(critical); - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java deleted file mode 100644 index db9b95a04..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java +++ /dev/null @@ -1,287 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.PolicyConstraintsExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a policy constraints extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class PolicyConstraintsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "policyConstraintsCritical"; - public static final String CONFIG_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy"; - public static final String CONFIG_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping"; - - public static final String VAL_CRITICAL = "policyConstraintsCritical"; - public static final String VAL_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy"; - public static final String VAL_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping"; - - public PolicyConstraintsExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_REQ_EXPLICIT_POLICY); - addValueName(VAL_INHIBIT_POLICY_MAPPING); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_REQ_EXPLICIT_POLICY); - addConfigName(CONFIG_INHIBIT_POLICY_MAPPING); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); - } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); - } - return null; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - PolicyConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) { - return; - } - Integer num = new Integer(value); - - ext.set(PolicyConstraintsExtension.REQUIRE, num); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) { - return; - } - Integer num = new Integer(value); - - ext.set(PolicyConstraintsExtension.INHIBIT, num); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (IOException e) { - CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - PolicyConstraintsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - if (ext == null) { - - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) - return ""; - - int num = ext.getRequireExplicitMapping(); - - return "" + num; - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) - getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - info); - - if (ext == null) - return ""; - - int num = ext.getInhibitPolicyMapping(); - - return "" + num; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_REQ_EXPLICIT_POLICY), - getConfig(CONFIG_INHIBIT_POLICY_MAPPING) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - PolicyConstraintsExtension ext = createExtension(); - - if (ext == null) - return; - addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); - } - - public PolicyConstraintsExtension createExtension() { - PolicyConstraintsExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - int reqNum = -1; - int inhibitNum = -1; - String req = getConfig(CONFIG_REQ_EXPLICIT_POLICY); - - if (req != null && req.length() > 0) { - reqNum = Integer.parseInt(req); - } - String inhibit = getConfig(CONFIG_INHIBIT_POLICY_MAPPING); - - if (inhibit != null && inhibit.length() > 0) { - inhibitNum = Integer.parseInt(inhibit); - } - ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum); - } catch (Exception e) { - CMS.debug("PolicyConstraintsExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java deleted file mode 100644 index 712641c0d..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java +++ /dev/null @@ -1,420 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.CertificatePolicyId; -import netscape.security.x509.CertificatePolicyMap; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.PolicyMappingsExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a policy mappings extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class PolicyMappingsExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "policyMappingsCritical"; - public static final String CONFIG_NUM_POLICY_MAPPINGS = "policyMappingsNum"; - public static final String CONFIG_ISSUER_DOMAIN_POLICY = "policyMappingsIssuerDomainPolicy_"; - public static final String CONFIG_SUBJECT_DOMAIN_POLICY = "policyMappingsSubjectDomainPolicy_"; - public static final String CONFIG_ENABLE = "policyMappingsEnable_"; - - public static final String VAL_CRITICAL = "policyMappingsCritical"; - public static final String VAL_DOMAINS = "policyMappingsDomains"; - - private static final String ISSUER_POLICY_ID = "Issuer Policy Id"; - private static final String SUBJECT_POLICY_ID = "Subject Policy Id"; - private static final String POLICY_ID_ENABLE = "Enable"; - - private static final int DEF_NUM_MAPPINGS = 1; - private static final int MAX_NUM_MAPPINGS = 100; - - public PolicyMappingsExtDefault() { - super(); - } - - protected int getNumMappings() { - int num = DEF_NUM_MAPPINGS; - String numMappings = getConfig(CONFIG_NUM_POLICY_MAPPINGS); - - if (numMappings != null) { - try { - num = Integer.parseInt(numMappings); - } catch (NumberFormatException e) { - // ignore - } - } - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_MAPPINGS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_DOMAINS); - - addConfigName(CONFIG_CRITICAL); - int num = getNumMappings(); - - addConfigName(CONFIG_NUM_POLICY_MAPPINGS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_ISSUER_DOMAIN_POLICY + i); - addConfigName(CONFIG_SUBJECT_DOMAIN_POLICY + i); - addConfigName(CONFIG_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY")); - } else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); - } - - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_DOMAINS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS")); - } - return null; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - PolicyMappingsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if (ext == null) { - populate(null, info); - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if (ext == null) { - return; - } - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - String issuerPolicyId = null; - String subjectPolicyId = null; - String enable = null; - Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>(); - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(ISSUER_POLICY_ID)) { - issuerPolicyId = nvps.get(name1); - } else if (name1.equals(SUBJECT_POLICY_ID)) { - subjectPolicyId = nvps.get(name1); - } else if (name1.equals(POLICY_ID_ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - if (issuerPolicyId == null || - issuerPolicyId.length() == 0 || subjectPolicyId == null || - subjectPolicyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); - CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)), - new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId))); - - policyMaps.addElement(map); - } - } - ext.set(PolicyMappingsExtension.MAP, policyMaps); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (IOException e) { - CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - PolicyMappingsExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) - getExtension(PKIXExtensions.PolicyMappings_Id.toString(), - info); - - if (ext == null) - return ""; - - int num_mappings = getNumMappings(); - - Enumeration<CertificatePolicyMap> maps = ext.getMappings(); - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < num_mappings; i++) { - NameValuePairs pairs = new NameValuePairs(); - - if (maps.hasMoreElements()) { - CertificatePolicyMap map = - (CertificatePolicyMap) maps.nextElement(); - - CertificatePolicyId i1 = map.getIssuerIdentifier(); - CertificatePolicyId s1 = map.getSubjectIdentifier(); - - pairs.put(ISSUER_POLICY_ID, i1.getIdentifier().toString()); - pairs.put(SUBJECT_POLICY_ID, s1.getIdentifier().toString()); - pairs.put(POLICY_ID_ENABLE, "true"); - } else { - pairs.put(ISSUER_POLICY_ID, ""); - pairs.put(SUBJECT_POLICY_ID, ""); - pairs.put(POLICY_ID_ENABLE, "false"); - - } - recs.addElement(pairs); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumMappings(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(ISSUER_POLICY_ID + ":"); - sb.append(getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i)); - sb.append(","); - sb.append(SUBJECT_POLICY_ID + ":"); - sb.append(getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i)); - sb.append(","); - sb.append(POLICY_ID_ENABLE + ":"); - sb.append(getConfig(CONFIG_ENABLE + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - PolicyMappingsExtension ext = createExtension(); - - if (ext == null) - return; - addExtension(PKIXExtensions.PolicyMappings_Id.toString(), - ext, info); - } - - public PolicyMappingsExtension createExtension() { - PolicyMappingsExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>(); - int num = getNumMappings(); - - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - - if (enable != null && enable.equals("true")) { - String issuerID = getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i); - - if (issuerID == null || issuerID.length() == 0) { - return null; - } - - String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i); - - if (subjectID == null || subjectID.length() == 0) { - return null; - } - - CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier(issuerID)), - new CertificatePolicyId(new ObjectIdentifier(subjectID))); - - policyMaps.addElement(map); - } - } - - ext = new PolicyMappingsExtension(critical, policyMaps); - } catch (Exception e) { - CMS.debug("PolicyMappingsExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java deleted file mode 100644 index 20285567e..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java +++ /dev/null @@ -1,316 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.text.ParsePosition; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Locale; - -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.PrivateKeyUsageExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a Private Key Usage Period extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "puCritical"; - public static final String CONFIG_START_TIME = "puStartTime"; - public static final String CONFIG_DURATION = "puDurationInDays"; // in days - - public static final String VAL_CRITICAL = "puCritical"; - public static final String VAL_NOT_BEFORE = "puNotBefore"; - public static final String VAL_NOT_AFTER = "puNotAfter"; - - public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; - private long mDefault = 86400000; // 1 days - - public PrivateKeyUsagePeriodExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - - addConfigName(CONFIG_CRITICAL); - addConfigName(CONFIG_START_TIME); - addConfigName(CONFIG_DURATION); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, null, - "0", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); - } else if (name.equals(CONFIG_DURATION)) { - return new Descriptor(IDescriptor.STRING, null, - "365", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); - } else { - return null; - } - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } - } else if (name.equals(CONFIG_DURATION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_DURATION)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, - "0", - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, - "30", - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - PrivateKeyUsageExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - ext.set(PrivateKeyUsageExtension.NOT_AFTER, date); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (EProfileException e) { - CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString()); - } catch (Exception e) { - CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString()); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - PrivateKeyUsageExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - return formatter.format(ext.getNotBefore()); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - - ext = (PrivateKeyUsageExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - return formatter.format(ext.getNotAfter()); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_START_TIME), - getConfig(CONFIG_DURATION) - }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - PrivateKeyUsageExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public PrivateKeyUsageExtension createExtension() { - PrivateKeyUsageExtension ext = null; - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - // always + 60 seconds - String startTimeStr = getConfig(CONFIG_START_TIME); - - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + - (1000 * startTime)); - long notAfterVal = 0; - - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION))); - Date notAfter = new Date(notAfterVal); - - ext = new PrivateKeyUsageExtension(notBefore, notAfter); - ext.setCritical(critical); - } catch (Exception e) { - CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + - e.toString()); - } - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java deleted file mode 100644 index 11da93fc8..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java +++ /dev/null @@ -1,183 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a signing algorithm - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class SigningAlgDefault extends EnrollDefault { - - public static final String CONFIG_ALGORITHM = "signingAlg"; - - public static final String VAL_ALGORITHM = "signingAlg"; - public static final String DEF_CONFIG_ALGORITHMS = - "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; - - public SigningAlgDefault() { - super(); - addConfigName(CONFIG_ALGORITHM); - addValueName(VAL_ALGORITHM); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ALGORITHM)) { - return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS, - "SHA256withRSA", - CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); - } else { - return null; - } - } - - public String getSigningAlg() { - String signingAlg = getConfig(CONFIG_ALGORITHM); - // if specified, use the specified one. Otherwise, pick - // the best selection for the user - if (signingAlg == null || signingAlg.equals("") || - signingAlg.equals("-")) { - // best pick for the user - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - return ca.getDefaultAlgorithm(); - } else { - return signingAlg; - } - } - - public String getDefSigningAlgorithms() { - StringBuffer allowed = new StringBuffer(); - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - String algos[] = ca.getCASigningAlgorithms(); - for (int i = 0; i < algos.length; i++) { - if (allowed.length() == 0) { - allowed.append(algos[i]); - } else { - allowed.append(","); - allowed.append(algos[i]); - } - } - return allowed.toString(); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_ALGORITHM)) { - String allowed = getDefSigningAlgorithms(); - return new Descriptor(IDescriptor.CHOICE, - allowed, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); - } - return null; - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_ALGORITHM)) { - try { - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(value))); - } catch (Exception e) { - CMS.debug("SigningAlgDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) - throw new EPropertyException("Invalid name " + name); - - if (name.equals(VAL_ALGORITHM)) { - CertificateAlgorithmId algId = null; - - try { - algId = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algId.get(CertificateAlgorithmId.ALGORITHM); - - return id.toString(); - } catch (Exception e) { - CMS.debug("SigningAlgDefault: getValue " + e.toString()); - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", - getSigningAlg()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - try { - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(getSigningAlg()))); - } catch (Exception e) { - CMS.debug("SigningAlgDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java deleted file mode 100644 index d3838577e..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ /dev/null @@ -1,542 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.UUID; - -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.GeneralNames; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.SubjectAlternativeNameExtension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IAttrSet; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.pattern.Pattern; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a subject alternative name extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class SubjectAltNameExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "subjAltNameExtCritical"; - public static final String CONFIG_NUM_GNS = "subjAltNameNumGNs"; - public static final String CONFIG_GN_ENABLE = "subjAltExtGNEnable_"; - public static final String CONFIG_TYPE = "subjAltExtType_"; - public static final String CONFIG_PATTERN = "subjAltExtPattern_"; - public static final String CONFIG_SOURCE = "subjAltExtSource_"; - public static final String CONFIG_SOURCE_UUID4 = "UUID4"; - - public static final String CONFIG_OLD_TYPE = "subjAltExtType"; - public static final String CONFIG_OLD_PATTERN = "subjAltExtPattern"; - - public static final String VAL_CRITICAL = "subjAltNameExtCritical"; - public static final String VAL_GENERAL_NAMES = "subjAltNames"; - - private static final String GN_ENABLE = "Enable"; - private static final String GN_TYPE = "Pattern Type"; - private static final String GN_PATTERN = "Pattern"; - - private static final int DEF_NUM_GN = 1; - private static final int MAX_NUM_GN = 100; - - public SubjectAltNameExtDefault() { - super(); - } - - protected int getNumGNs() { - int num = DEF_NUM_GN; - String numGNs = getConfig(CONFIG_NUM_GNS); - - if (numGNs != null) { - try { - num = Integer.parseInt(numGNs); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_GN) - num = DEF_NUM_GN; - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - - super.init(profile, config); - refreshConfigAndValueNames(); - // migrate old parameters to new parameters - String old_type = null; - String old_pattern = null; - IConfigStore paramConfig = config.getSubStore("params"); - try { - if (paramConfig != null) { - old_type = paramConfig.getString(CONFIG_OLD_TYPE); - } - } catch (EBaseException e) { - // nothing to do here - } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + - old_type); - try { - if (paramConfig != null) { - old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); - } - } catch (EBaseException e) { - // nothing to do here - } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + - old_pattern); - if (old_type != null && old_pattern != null) { - CMS.debug("SubjectAltNameExtDefault: Upgrading"); - try { - paramConfig.putString(CONFIG_NUM_GNS, "1"); - paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); - paramConfig.putString(CONFIG_TYPE + "0", old_type); - paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); - paramConfig.remove(CONFIG_OLD_TYPE); - paramConfig.remove(CONFIG_OLD_PATTERN); - profile.getConfigStore().commit(true); - } catch (Exception e) { - CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); - } - } - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_GNS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_GN || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_GENERAL_NAMES); - - addConfigName(CONFIG_CRITICAL); - int num = getNumGNs(); - addConfigName(CONFIG_NUM_GNS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_TYPE + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_GN_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", - "RFC822Name", - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); - } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); - } else if (name.startsWith(CONFIG_GN_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_GNS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS")); - } - - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - SubjectAlternativeNameExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - boolean critical = Boolean.valueOf(value).booleanValue(); - - ext.setCritical(critical); - } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - - if (ext == null) { - // it is ok, the extension is never populated or delted - return; - } - if (value.equals("")) { - // if value is empty, do not add this extension - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - return; - } - GeneralNames gn = new GeneralNames(); - StringTokenizer st = new StringTokenizer(value, "\r\n"); - - while (st.hasMoreTokens()) { - String gname = (String) st.nextToken(); - CMS.debug("SubjectAltNameExtDefault: setValue GN:" + gname); - - if (!isGeneralNameValid(gname)) { - continue; - } - GeneralNameInterface n = parseGeneralName(gname); - if (n != null) { - gn.addElement(n); - } - } - if (gn.size() == 0) { - CMS.debug("GN size is zero"); - deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - return; - } else { - CMS.debug("GN size is non zero (" + gn.size() + ")"); - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - replaceExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); - } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - SubjectAlternativeNameExtension ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = - (SubjectAlternativeNameExtension) - getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if (ext == null) { - return null; - } - - GeneralNames names = (GeneralNames) - ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); - StringBuffer sb = new StringBuffer(); - Enumeration<GeneralNameInterface> e = names.elements(); - - while (e.hasMoreElements()) { - GeneralNameInterface gn = e.nextElement(); - - if (!sb.toString().equals("")) { - sb.append("\r\n"); - } - sb.append(toGeneralNameString(gn)); - CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn)); - } - return sb.toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: getValue " + - e.toString()); - } - return null; - } - - /* - * returns text that goes into description for this extension on - * a profile - */ - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumGNs(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(GN_PATTERN + ":"); - sb.append(getConfig(CONFIG_PATTERN + i)); - sb.append(","); - sb.append(GN_TYPE + ":"); - sb.append(getConfig(CONFIG_TYPE + i)); - sb.append(","); - sb.append(GN_ENABLE + ":"); - sb.append(getConfig(CONFIG_GN_ENABLE + i)); - sb.append("}"); - } - ; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), - sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - SubjectAlternativeNameExtension ext = null; - - try { - /* read from config file*/ - ext = createExtension(request); - - } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: populate " + e.toString()); - } - if (ext != null) { - addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); - } else { - CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out"); - } - } - - public SubjectAlternativeNameExtension createExtension(IRequest request) - throws IOException { - SubjectAlternativeNameExtension ext = null; - int num = getNumGNs(); - - boolean critical = Boolean.valueOf( - getConfig(CONFIG_CRITICAL)).booleanValue(); - - GeneralNames gn = new GeneralNames(); - int count = 0; // # of actual gnames - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_GN_ENABLE + i); - if (enable != null && enable.equals("true")) { - CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i); - - String pattern = getConfig(CONFIG_PATTERN + i); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - if (!pattern.equals("")) { - String gname = ""; - - // cfu - see if this is server-generated (e.g. UUID4) - // to use this feature, use $server.source$ in pattern - String source = getConfig(CONFIG_SOURCE + i); - String type = getConfig(CONFIG_TYPE + i); - if ((source != null) && (!source.equals(""))) { - if (type.equalsIgnoreCase("OtherName")) { - CMS.debug("SubjectAlternativeNameExtension: using " + - source + " as gn"); - if (source.equals(CONFIG_SOURCE_UUID4)) { - UUID randUUID = UUID.randomUUID(); - // call the mapPattern that does server-side gen - // request is not used, but needed for the substitute - // function - gname = mapPattern(randUUID.toString(), request, pattern); - } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " - + source + ". Supported: UUID4"); - continue; - } - } else { - CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); - continue; - } - } else { - if (request != null) { - gname = mapPattern(request, pattern); - } - } - - if (gname.equals("")) { - CMS.debug("gname is empty, not added"); - continue; - } - CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname); - - GeneralNameInterface n = parseGeneralName(type + ":" + gname); - - CMS.debug("adding gname: " + gname); - if (n != null) { - CMS.debug("SubjectAlternativeNameExtension: n not null"); - gn.addElement(n); - count++; - } else { - CMS.debug("SubjectAlternativeNameExtension: n null"); - } - } - } - } //for - - if (count != 0) { - try { - ext = new SubjectAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException(e.toString()); - } - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - ext.setCritical(critical); - } else { - CMS.debug("count is 0"); - } - return ext; - } - - public String mapPattern(IRequest request, String pattern) - throws IOException { - Pattern p = new Pattern(pattern); - IAttrSet attrSet = null; - if (request != null) { - attrSet = request.asIAttrSet(); - } - return p.substitute("request", attrSet); - } - - // for server-side generated values - public String mapPattern(String val, IRequest request, String pattern) - throws IOException { - Pattern p = new Pattern(pattern); - IAttrSet attrSet = null; - if (request != null) { - attrSet = request.asIAttrSet(); - } - try { - attrSet.set("source", val); - } catch (Exception e) { - CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString()); - } - - return p.substitute("server", attrSet); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java deleted file mode 100644 index cca5ab234..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java +++ /dev/null @@ -1,527 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.Vector; - -import netscape.security.util.DerValue; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.AVAValueConverter; -import netscape.security.x509.Attribute; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.SubjectDirAttributesExtension; -import netscape.security.x509.X500NameAttrMap; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a subject directory attributes extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class SubjectDirAttributesExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "subjDirAttrsCritical"; - public static final String CONFIG_NUM_ATTRS = "subjDirAttrsNum"; - public static final String CONFIG_ATTR_NAME = "subjDirAttrName_"; - public static final String CONFIG_PATTERN = "subjDirAttrPattern_"; - public static final String CONFIG_ENABLE = "subjDirAttrEnable_"; - - public static final String VAL_CRITICAL = "subjDirAttrCritical"; - public static final String VAL_ATTR = "subjDirAttrValue"; - - private static final int DEF_NUM_ATTRS = 1; - private static final int MAX_NUM_ATTRS = 100; - private static final String ENABLE = "Enable"; - private static final String ATTR_NAME = "Attribute Name"; - private static final String ATTR_VALUE = "Attribute Value"; - - public SubjectDirAttributesExtDefault() { - super(); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - protected int getNumAttrs() { - int num = DEF_NUM_ATTRS; - String val = getConfig(CONFIG_NUM_ATTRS); - - if (val != null) { - try { - num = Integer.parseInt(val); - } catch (NumberFormatException e) { - // ignore - } - } - - if (num >= MAX_NUM_ATTRS) - num = DEF_NUM_ATTRS; - - return num; - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(DEF_NUM_ATTRS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_ATTRS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_ATTR); - - addConfigName(CONFIG_CRITICAL); - int num = getNumAttrs(); - addConfigName(CONFIG_NUM_ATTRS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_ATTR_NAME + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME")); - } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE")); - } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ATTRS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } - - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_ATTR)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - SubjectDirAttributesExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (ext == null) { - return; - } - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - boolean critical = ext.isCritical(); - - Vector<Attribute> attrV = new Vector<Attribute>(); - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - String attrName = null; - String attrValue = null; - String enable = "false"; - - for (String name1 : nvps.keySet()) { - - if (name1.equals(ATTR_NAME)) { - attrName = nvps.get(name1); - } else if (name1.equals(ATTR_VALUE)) { - attrValue = nvps.get(name1); - } else if (name1.equals(ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable.equals("true")) { - AttributeConfig attributeConfig = - new AttributeConfig(attrName, attrValue); - Attribute attr = attributeConfig.mAttribute; - if (attr != null) - attrV.addElement(attr); - } - } - - if (attrV.size() > 0) { - Attribute[] attrList = new Attribute[attrV.size()]; - attrV.copyInto(attrList); - ext = new SubjectDirAttributesExtension(attrList, critical); - } else - return; - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); - } catch (EProfileException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (IOException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " + - e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - SubjectDirAttributesExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) - getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (ext == null) - return ""; - - X500NameAttrMap map = X500NameAttrMap.getDefault(); - - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - int num = getNumAttrs(); - Enumeration<Attribute> e = ext.getAttributesList(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e); - int i = 0; - - while (e.hasMoreElements()) { - NameValuePairs pairs = new NameValuePairs(); - pairs.put(ENABLE, "true"); - Attribute attr = e.nextElement(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr); - ObjectIdentifier oid = attr.getOid(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid); - - String vv = map.getName(oid); - - if (vv != null) - pairs.put(ATTR_NAME, vv); - else - pairs.put(ATTR_NAME, oid.toString()); - Enumeration<String> v = attr.getValues(); - - // just support single value for now - StringBuffer ss = new StringBuffer(); - while (v.hasMoreElements()) { - if (ss.length() == 0) - ss.append((String) (v.nextElement())); - else { - ss.append(","); - ss.append((String) (v.nextElement())); - } - } - - pairs.put(ATTR_VALUE, ss.toString()); - recs.addElement(pairs); - i++; - } - - for (; i < num; i++) { - NameValuePairs pairs = new NameValuePairs(); - pairs.put(ENABLE, "false"); - pairs.put(ATTR_NAME, "GENERATIONQUALIFIER"); - pairs.put(ATTR_VALUE, ""); - recs.addElement(pairs); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); - int num = getNumAttrs(); - - for (int i = 0; i < num; i++) { - sb.append("Record #"); - sb.append(i); - sb.append("{"); - sb.append(ATTR_NAME + ":"); - sb.append(getConfig(CONFIG_ATTR_NAME + i)); - sb.append(","); - sb.append(ATTR_VALUE + ":"); - sb.append(getConfig(CONFIG_PATTERN + i)); - sb.append(","); - sb.append(ENABLE + ":"); - sb.append(getConfig(CONFIG_ENABLE + i)); - sb.append("}"); - } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", - getConfig(CONFIG_CRITICAL), - sb.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - SubjectDirAttributesExtension ext = createExtension(request); - - if (ext == null) - return; - - addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); - } - - public SubjectDirAttributesExtension createExtension(IRequest request) - throws EProfileException { - SubjectDirAttributesExtension ext = null; - int num = 0; - - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - num = getNumAttrs(); - - AttributeConfig attributeConfig = null; - Vector<Attribute> attrs = new Vector<Attribute>(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - String attrName = getConfig(CONFIG_ATTR_NAME + i); - String pattern = getConfig(CONFIG_PATTERN + i); - if (pattern == null || pattern.equals("")) - pattern = " "; - - //check pattern syntax - int startpos = pattern.indexOf("$"); - int lastpos = pattern.lastIndexOf("$"); - String attrValue = pattern; - if (!pattern.equals("") && startpos != -1 && - startpos == 0 && lastpos != -1 && - lastpos == (pattern.length() - 1)) { - if (request != null) { - try { - attrValue = mapPattern(request, pattern); - } catch (IOException e) { - throw new EProfileException(e.toString()); - } - } - } - try { - attributeConfig = new AttributeConfig(attrName, attrValue); - } catch (EPropertyException e) { - throw new EProfileException(e.toString()); - } - Attribute attr = attributeConfig.mAttribute; - if (attr != null) { - attrs.addElement(attr); - } - } - } - - if (attrs.size() > 0) { - Attribute[] attrList = new Attribute[attrs.size()]; - attrs.copyInto(attrList); - try { - ext = - new SubjectDirAttributesExtension(attrList, critical); - } catch (IOException e) { - throw new EProfileException(e.toString()); - } - } - - return ext; - } -} - -class AttributeConfig { - - protected ObjectIdentifier mAttributeOID = null; - protected Attribute mAttribute = null; - - public AttributeConfig(String attrName, String attrValue) - throws EPropertyException { - X500NameAttrMap map = X500NameAttrMap.getDefault(); - - if (attrName == null || attrName.length() == 0) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); - } - - if (attrValue == null || attrValue.length() == 0) { - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); - } - - try { - mAttributeOID = new ObjectIdentifier(attrName); - } catch (Exception e) { - CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName); - } - - if (mAttributeOID == null) { - mAttributeOID = map.getOid(attrName); - if (mAttributeOID == null) - throw new EPropertyException( - CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); - try { - checkValue(mAttributeOID, attrValue); - } catch (IOException e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); - } - } - - try { - mAttribute = new Attribute(mAttributeOID, - str2MultiValues(attrValue)); - } catch (IOException e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); - } - } - - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { - AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid); - - @SuppressWarnings("unused") - DerValue derval = c.getValue(val); // check for errors - return; - } - - private Vector<String> str2MultiValues(String attrValue) { - StringTokenizer tokenizer = new StringTokenizer(attrValue, ","); - Vector<String> v = new Vector<String>(); - while (tokenizer.hasMoreTokens()) { - v.addElement(tokenizer.nextToken()); - } - - return v; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java deleted file mode 100644 index 8ea7533cc..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ /dev/null @@ -1,448 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.extensions.AccessDescription; -import netscape.security.extensions.SubjectInfoAccessExtension; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.GeneralName; -import netscape.security.x509.GeneralNameInterface; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates Subject Info Access extension. - * - * @version $Revision$, $Date$ - */ -public class SubjectInfoAccessExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "subjInfoAccessCritical"; - public static final String CONFIG_NUM_ADS = "subjInfoAccessNumADs"; - public static final String CONFIG_AD_ENABLE = "subjInfoAccessADEnable_"; - public static final String CONFIG_AD_METHOD = "subjInfoAccessADMethod_"; - public static final String CONFIG_AD_LOCATIONTYPE = "subjInfoAccessADLocationType_"; - public static final String CONFIG_AD_LOCATION = "subjInfoAccessADLocation_"; - - public static final String VAL_CRITICAL = "subjInfoAccessCritical"; - public static final String VAL_GENERAL_NAMES = "subjInfoAccessGeneralNames"; - - private static final String AD_METHOD = "Method"; - private static final String AD_LOCATION_TYPE = "Location Type"; - private static final String AD_LOCATION = "Location"; - private static final String AD_ENABLE = "Enable"; - - private static final int DEF_NUM_AD = 1; - private static final int MAX_NUM_AD = 100; - - public SubjectInfoAccessExtDefault() { - super(); - } - - protected int getNumAds() { - int num = DEF_NUM_AD; - String numAds = getConfig(CONFIG_NUM_ADS); - - if (numAds != null) { - try { - num = Integer.parseInt(numAds); - } catch (NumberFormatException e) { - // ignore - } - } - if (num >= MAX_NUM_AD) - num = DEF_NUM_AD; - - return num; - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - int num = 0; - if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); - - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - } - super.setConfig(name, value); - } - - public Enumeration<String> getConfigNames() { - refreshConfigAndValueNames(); - return super.getConfigNames(); - } - - protected void refreshConfigAndValueNames() { - super.refreshConfigAndValueNames(); - - addValueName(VAL_CRITICAL); - addValueName(VAL_GENERAL_NAMES); - - // register configuration names bases on num ads - addConfigName(CONFIG_CRITICAL); - int num = getNumAds(); - addConfigName(CONFIG_NUM_ADS); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_AD_METHOD + i); - addConfigName(CONFIG_AD_LOCATIONTYPE + i); - addConfigName(CONFIG_AD_LOCATION + i); - addConfigName(CONFIG_AD_ENABLE + i); - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); - } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); - } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); - } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, - "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } - return null; - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - try { - SubjectInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - populate(null, info); - } - - if (name.equals(VAL_CRITICAL)) { - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); - - if (ext == null) { - return; - } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return; - } - boolean critical = ext.isCritical(); - - Vector<NameValuePairs> v = parseRecords(value); - int size = v.size(); - - ext = new SubjectInfoAccessExtension(critical); - String method = null; - String locationType = null; - String location = null; - String enable = null; - - for (int i = 0; i < size; i++) { - NameValuePairs nvps = v.elementAt(i); - - for (String name1 : nvps.keySet()) { - - if (name1.equals(AD_METHOD)) { - method = nvps.get(name1); - } else if (name1.equals(AD_LOCATION_TYPE)) { - locationType = nvps.get(name1); - } else if (name1.equals(AD_LOCATION)) { - location = nvps.get(name1); - } else if (name1.equals(AD_ENABLE)) { - enable = nvps.get(name1); - } - } - - if (enable != null && enable.equals("true")) { - GeneralName gn = null; - - if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); - if (interface1 == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", locationType)); - gn = new GeneralName(interface1); - } - - if (method != null) { - try { - ext.addAccessDescription(new ObjectIdentifier(method), gn); - } catch (NumberFormatException ee) { - CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_DEF_SIA_OID", method)); - } - } - } - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - replaceExtension(ext.getExtensionId().toString(), ext, info); - } catch (IOException e) { - CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } catch (EProfileException e) { - CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - SubjectInfoAccessExtension ext = null; - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - if (name.equals(VAL_CRITICAL)) { - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_GENERAL_NAMES)) { - - ext = (SubjectInfoAccessExtension) - getExtension(oid.toString(), info); - - if (ext == null) - return ""; - - int num = getNumAds(); - - CMS.debug("SubjectInfoAccess num=" + num); - Vector<NameValuePairs> recs = new Vector<NameValuePairs>(); - - for (int i = 0; i < num; i++) { - NameValuePairs np = new NameValuePairs(); - AccessDescription des = null; - - if (i < ext.numberOfAccessDescription()) { - des = ext.getAccessDescription(i); - } - if (des == null) { - np.put(AD_METHOD, ""); - np.put(AD_LOCATION_TYPE, ""); - np.put(AD_LOCATION, ""); - np.put(AD_ENABLE, "false"); - } else { - ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); - - np.put(AD_METHOD, methodOid.toString()); - np.put(AD_LOCATION_TYPE, getGeneralNameType(gn)); - np.put(AD_LOCATION, getGeneralNameValue(gn)); - np.put(AD_ENABLE, "true"); - } - recs.addElement(np); - } - - return buildRecords(recs); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - StringBuffer ads = new StringBuffer(); - int num = getNumAds(); - - for (int i = 0; i < num; i++) { - ads.append("Record #"); - ads.append(i); - ads.append("{"); - ads.append(AD_METHOD + ":"); - ads.append(getConfig(CONFIG_AD_METHOD + i)); - ads.append(","); - ads.append(AD_LOCATION_TYPE + ":"); - ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i)); - ads.append(","); - ads.append(AD_LOCATION + ":"); - ads.append(getConfig(CONFIG_AD_LOCATION + i)); - ads.append(","); - ads.append(AD_ENABLE + ":"); - ads.append(getConfig(CONFIG_AD_ENABLE + i)); - ads.append("}"); - } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", - getConfig(CONFIG_CRITICAL), ads.toString()); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - SubjectInfoAccessExtension ext = createExtension(); - - addExtension(ext.getExtensionId().toString(), ext, info); - } - - public SubjectInfoAccessExtension createExtension() { - SubjectInfoAccessExtension ext = null; - int num = getNumAds(); - - try { - boolean critical = getConfigBoolean(CONFIG_CRITICAL); - - ext = new SubjectInfoAccessExtension(critical); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_AD_ENABLE + i); - if (enable != null && enable.equals("true")) { - CMS.debug("SubjectInfoAccess: createExtension i=" + i); - String method = getConfig(CONFIG_AD_METHOD + i); - String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i); - if (locationType == null || locationType.length() == 0) - locationType = "URIName"; - String location = getConfig(CONFIG_AD_LOCATION + i); - - if (location == null || location.equals("")) { - if (method.equals("1.3.6.1.5.5.7.48.1")) { - String hostname = CMS.getEENonSSLHost(); - String port = CMS.getEENonSSLPort(); - if (hostname != null && port != null) - location = "http://" + hostname + ":" + port + "/ocsp"; - } - } - - String s = locationType + ":" + location; - GeneralNameInterface gn = parseGeneralName(s); - if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); - } - } - } - } catch (Exception e) { - CMS.debug("SubjectInfoAccessExtDefault: createExtension " + - e.toString()); - } - - return ext; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java deleted file mode 100644 index 9476e45f6..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java +++ /dev/null @@ -1,217 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Locale; - -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.KeyIdentifier; -import netscape.security.x509.PKIXExtensions; -import netscape.security.x509.SubjectKeyIdentifierExtension; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a subject key identifier extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "critical"; - - public static final String VAL_CRITICAL = "critical"; - public static final String VAL_KEY_ID = "keyid"; - - public SubjectKeyIdentifierExtDefault() { - super(); - addValueName(VAL_CRITICAL); - addValueName(VAL_KEY_ID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); - } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_CRITICAL)) { - // read-only; do nothing - } else if (name.equals(VAL_KEY_ID)) { - // read-only; do nothing - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - SubjectKeyIdentifierExtension ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); - - if (ext == null) { - try { - populate(null, info); - - } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - if (name.equals(VAL_CRITICAL)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); - - if (ext == null) { - return null; - } - if (ext.isCritical()) { - return "true"; - } else { - return "false"; - } - } else if (name.equals(VAL_KEY_ID)) { - ext = - (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); - - if (ext == null) { - return null; - } - KeyIdentifier kid = null; - - try { - kid = (KeyIdentifier) - ext.get(SubjectKeyIdentifierExtension.KEY_ID); - } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " + - "kid is null!"); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", - name)); - } - return toHexString(kid.getIdentifier()); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_KEY_ID_EXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - SubjectKeyIdentifierExtension ext = createExtension(info); - - addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info); - } - - public SubjectKeyIdentifierExtension createExtension(X509CertInfo info) { - KeyIdentifier kid = getKeyIdentifier(info); - - if (kid == null) { - CMS.debug("SubjectKeyIdentifierExtDefault: KeyIdentifier not found"); - return null; - } - SubjectKeyIdentifierExtension ext = null; - - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); - - try { - ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier()); - } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + - e.toString()); - // - } - return ext; - } - - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key infokey = (CertificateX509Key) - info.get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); - MessageDigest md = MessageDigest.getInstance("SHA-1"); - - md.update(key.getKey()); - byte[] hash = md.digest(); - - return new KeyIdentifier(hash); - } catch (NoSuchAlgorithmException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); - } catch (Exception e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + - e.toString()); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java deleted file mode 100644 index 479219b84..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ /dev/null @@ -1,184 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class SubjectNameDefault extends EnrollDefault { - - public static final String CONFIG_NAME = "name"; - - public static final String VAL_NAME = "name"; - - public SubjectNameDefault() { - super(); - addValueName(VAL_NAME); - addConfigName(CONFIG_NAME); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, "CN=TEST", CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - if (x500name != null) { - CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString()); - } - } catch (IOException e) { - CMS.debug("SubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString()); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("SubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("SubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("SubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", - getConfig(CONFIG_NAME)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - - String subjectName = null; - - try { - subjectName = mapPattern(request, getConfig(CONFIG_NAME)); - } catch (IOException e) { - CMS.debug("SubjectNameDefault: mapPattern " + e.toString()); - } - - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - try { - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("SubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("SubjectNameDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java deleted file mode 100644 index 46a78c731..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java +++ /dev/null @@ -1,136 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.util.Locale; - -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.Extension; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a user-supplied extension - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class UserExtensionDefault extends EnrollExtDefault { - - public static final String CONFIG_CRITICAL = "userExtCritical"; - public static final String CONFIG_OID = "userExtOID"; - - public static final String VAL_CRITICAL = "userExtCritical"; - public static final String VAL_OID = "userExtOID"; - - public UserExtensionDefault() { - super(); - addValueName(VAL_OID); - addConfigName(CONFIG_OID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, - "Comment Here...", - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_OID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_OID")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // Nothing to do for read-only values - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_OID)) { - Extension ext = getExtension(getConfig(CONFIG_OID), info); - - if (ext == null) { - // do something here - return ""; - } - return ext.getExtensionId().toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateExtensions inExts = null; - String oid = getConfig(CONFIG_OID); - - inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); - if (inExts == null) - return; - Extension ext = getExtension(getConfig(CONFIG_OID), inExts); - if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); - return; - } - - // user supplied the ext that's allowed, replace the def set by system - deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); - addExtension(oid, ext, info); - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java deleted file mode 100644 index b1dc9d116..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ /dev/null @@ -1,233 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.ByteArrayInputStream; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.util.Locale; - -import netscape.security.provider.DSAPublicKey; -import netscape.security.provider.RSAPublicKey; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateX509Key; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a user supplied key - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class UserKeyDefault extends EnrollDefault { - - public static final String VAL_KEY = "KEY"; - public static final String VAL_LEN = "LEN"; - public static final String VAL_TYPE = "TYPE"; - - public UserKeyDefault() { - super(); - addValueName(VAL_TYPE); - addValueName(VAL_LEN); - addValueName(VAL_KEY); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); - } else if (name.equals(VAL_LEN)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); - } else if (name.equals(VAL_TYPE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_KEY)) { - CertificateX509Key ck = null; - - try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - return toHexString(k.getKey()); - } else if (name.equals(VAL_LEN)) { - CertificateX509Key ck = null; - - try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - try { - if (k.getAlgorithm().equals("RSA")) { - return Integer.toString(getRSAKeyLen(k)); - } else { - return Integer.toString(getDSAKeyLen(k)); - } - } catch (Exception e) { - CMS.debug("UserKeyDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_TYPE)) { - CertificateX509Key ck = null; - - try { - ck = (CertificateX509Key) - info.get(X509CertInfo.KEY); - } catch (Exception e) { - // nothing - } - X509Key k = null; - - try { - k = (X509Key) - ck.get(CertificateX509Key.KEY); - } catch (Exception e) { - // nothing - } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_KEY_NOT_FOUND")); - } - return k.getAlgorithm() + " - " + - k.getAlgorithmId().getOID().toString(); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_KEY"); - } - - public int getRSAKeyLen(X509Key key) throws Exception { - X509Key newkey = null; - - try { - newkey = new X509Key(AlgorithmId.get("RSA"), - key.getKey()); - } catch (Exception e) { - CMS.debug("UserKeyDefault: getRSAKey " + e.toString()); - throw e; - } - RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded()); - - return rsaKey.getKeySize(); - } - - public int getDSAKeyLen(X509Key key) throws Exception { - // Check DSAKey parameters. - // size refers to the p parameter. - DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded()); - DSAParams keyParams = dsaKey.getParams(); - BigInteger p = keyParams.getP(); - int len = p.bitLength(); - - return len; - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateX509Key certKey = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); - if (certKeyData != null) { - certKey = new CertificateX509Key( - new ByteArrayInputStream(certKeyData)); - } - info.set(X509CertInfo.KEY, certKey); - } catch (Exception e) { - CMS.debug("UserKeyDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java deleted file mode 100644 index 4aeed6ba3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ /dev/null @@ -1,126 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.ByteArrayInputStream; -import java.util.Locale; - -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a user-supplied signing algorithm - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class UserSigningAlgDefault extends EnrollDefault { - - public static final String VAL_ALG_ID = "userSigningAlgID"; - - public UserSigningAlgDefault() { - super(); - addValueName(VAL_ALG_ID); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_ALG_ID)) { - CertificateAlgorithmId algID = null; - - try { - algID = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) - algID.get(CertificateAlgorithmId.ALGORITHM); - - return id.toString(); - } catch (Exception e) { - CMS.debug("UserSigningAlgDefault: setValue " + e.toString()); - return ""; //XXX - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateAlgorithmId certAlg = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certAlgData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_SIGNING_ALGORITHM); - if (certAlgData != null) { - certAlg = new CertificateAlgorithmId( - new ByteArrayInputStream(certAlgData)); - } - info.set(X509CertInfo.ALGORITHM_ID, certAlg); - } catch (Exception e) { - CMS.debug("UserSigningAlgDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java deleted file mode 100644 index 65456e256..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ /dev/null @@ -1,143 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a user-supplied subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class UserSubjectNameDefault extends EnrollDefault { - - public static final String VAL_NAME = "name"; - - public UserSubjectNameDefault() { - super(); - addValueName(VAL_NAME); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug(e.toString()); - // failed to build x500 name - } - CMS.debug("SubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - return sn.toString(); - } catch (Exception e) { - // nothing - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SUBJECT_NAME"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - // authenticate the subject name and populate it - // to the certinfo - try { - info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName( - IEnrollProfile.REQUEST_SUBJECT_NAME)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("UserSubjectNameDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java deleted file mode 100644 index 3fadb81fd..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ /dev/null @@ -1,149 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.ByteArrayInputStream; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a user-supplied validity - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class UserValidityDefault extends EnrollDefault { - - public static final String VAL_NOT_BEFORE = "userValdityNotBefore"; - public static final String VAL_NOT_AFTER = "userValdityNotAfter"; - - public UserValidityDefault() { - super(); - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, - IDescriptor.READONLY, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - // this default rule is readonly - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NOT_BEFORE)) { - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notBefore = (Date) - validity.get(CertificateValidity.NOT_BEFORE); - - return notBefore.toString(); - } catch (Exception e) { - CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - try { - CertificateValidity validity = null; - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - Date notAfter = (Date) - validity.get(CertificateValidity.NOT_AFTER); - - return notAfter.toString(); - } catch (Exception e) { - CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_VALIDITY"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - CertificateValidity certValidity = null; - // authenticate the certificate key, and move - // the key from request into x509 certinfo - try { - byte[] certValidityData = request.getExtDataInByteArray( - IEnrollProfile.REQUEST_VALIDITY); - if (certValidityData != null) { - certValidity = new CertificateValidity(); - certValidity.decode( - new ByteArrayInputStream(certValidityData)); - } - info.set(X509CertInfo.VALIDITY, certValidity); - } catch (Exception e) { - CMS.debug("UserValidityDefault: populate " + e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java deleted file mode 100644 index ad06400f3..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ /dev/null @@ -1,263 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.text.ParsePosition; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Locale; - -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates a server-side configurable validity - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class ValidityDefault extends EnrollDefault { - public static final String CONFIG_RANGE = "range"; - public static final String CONFIG_START_TIME = "startTime"; - - public static final String VAL_NOT_BEFORE = "notBefore"; - public static final String VAL_NOT_AFTER = "notAfter"; - - public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; - - private long mDefault = 86400000; // 1 days - - public ValidityDefault() { - super(); - addConfigName(CONFIG_RANGE); - addConfigName(CONFIG_START_TIME); - addValueName(VAL_NOT_BEFORE); - addValueName(VAL_NOT_AFTER); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } - } - super.setConfig(name, value); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, - null, - "2922", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_RANGE")); - } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, - null, - "60", /* 1 minute */ - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); - } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, - date); - } catch (Exception e) { - CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); - Date date = formatter.parse(value, pos); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, - date); - } catch (Exception e) { - CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - - if (name == null) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - - if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_BEFORE)); - } catch (Exception e) { - CMS.debug("ValidityDefault: getValue " + e.toString()); - } - throw new EPropertyException("Invalid valie"); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = - new SimpleDateFormat(DATE_FORMAT); - CertificateValidity validity = null; - - try { - validity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); - return formatter.format((Date) - validity.get(CertificateValidity.NOT_AFTER)); - } catch (Exception e) { - CMS.debug("ValidityDefault: getValue " + e.toString()); - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", - getConfig(CONFIG_RANGE)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - // always + 60 seconds - String startTimeStr = getConfig(CONFIG_START_TIME); - try { - startTimeStr = mapPattern(request, startTimeStr); - } catch (IOException e) { - CMS.debug("ValidityDefault: populate " + e.toString()); - } - - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); - long notAfterVal = 0; - - try { - String rangeStr = getConfig(CONFIG_RANGE); - rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() + - (mDefault * Integer.parseInt(rangeStr)); - } catch (Exception e) { - // configured value is not correct - CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } - Date notAfter = new Date(notAfterVal); - CertificateValidity validity = - new CertificateValidity(notBefore, notAfter); - - try { - info.set(X509CertInfo.VALIDITY, validity); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java deleted file mode 100644 index 6b5ab6bc0..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ /dev/null @@ -1,215 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class nsHKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - - public static final String VAL_NAME = "name"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; - - protected IConfigStore mParamsConfig; - - public nsHKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - - addValueName(CONFIG_DNPATTERN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsHKeySubjectNameDefault: in populate"); - - try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; - - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } - - return sbjname; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java deleted file mode 100644 index cc1a8de81..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ /dev/null @@ -1,423 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -//ldap java sdk -import java.io.IOException; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPSearchResults; -import netscape.ldap.LDAPv2; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ILdapConnFactory; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class nsNKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; - public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; - public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port"; - public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn"; - public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version"; - public static final String CONFIG_LDAP_BASEDN = "ldap.basedn"; - public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns"; - public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns"; - - public static final String VAL_NAME = "name"; - - public static final String CONFIG_LDAP_VERS = - "2,3"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.aoluid$, E=$request.mail$"; - - /* ldap configuration sub-store */ - boolean mInitialized = false; - protected IConfigStore mInstConfig; - protected IConfigStore mLdapConfig; - protected IConfigStore mParamsConfig; - - /* ldap base dn */ - protected String mBaseDN = null; - - /* factory of anonymous ldap connections */ - protected ILdapConnFactory mConnFactory = null; - - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ - protected String[] mLdapStringAttrs = null; - - public nsNKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); - addConfigName(CONFIG_LDAP_HOST); - addConfigName(CONFIG_LDAP_PORT); - addConfigName(CONFIG_LDAP_SEC_CONN); - addConfigName(CONFIG_LDAP_VER); - addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); - - addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); - addValueName(CONFIG_LDAP_HOST); - addValueName(CONFIG_LDAP_PORT); - addValueName(CONFIG_LDAP_SEC_CONN); - addValueName(CONFIG_LDAP_VER); - addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - public void ldapInit() - throws EProfileException { - if (mInitialized == true) - return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: " + e.toString()); - } - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); - try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - LDAPConnection conn = null; - String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { - conn = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } else { - conn = mConnFactory.getConn(); - if (conn == null) { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); - } - - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " + - "request is null!"); - throw new EProfileException("request is null"); - } - // retrieve the attributes - // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); - - if (res.hasMoreElements()) { - LDAPEntry entry = res.next(); - - userdn = entry.getDN(); - } else {// put into property file later - cfu - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); - throw new EProfileException("screenname does not exist"); - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " - + request.getExtDataInString("aoluid")); - ; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request - for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } - } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString()); - throw new EProfileException("getSubjectName() failure: " + e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java deleted file mode 100644 index 77fa417f6..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ /dev/null @@ -1,215 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -import java.io.IOException; -import java.util.Locale; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - - public static final String VAL_NAME = "name"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "Token Key Device - $request.tokencuid$"; - - protected IConfigStore mParamsConfig; - - public nsTokenDeviceKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - - addValueName(CONFIG_DNPATTERN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); - - try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - - String sbjname = ""; - - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } - - return sbjname; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java deleted file mode 100644 index 65adabfad..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ /dev/null @@ -1,456 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.def; - -//ldap java sdk -import java.io.IOException; -import java.util.Locale; -import java.util.StringTokenizer; - -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPSearchResults; -import netscape.ldap.LDAPv2; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ILdapConnFactory; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements an enrollment default policy - * that populates server-side configurable subject name - * into the certificate template. - * - * @version $Revision$, $Date$ - */ -public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { - - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; - public static final String CONFIG_DNPATTERN = "dnpattern"; - public static final String CONFIG_LDAP_ENABLE = "ldap.enable"; - public static final String CONFIG_LDAP_SEARCH_NAME = "ldap.searchName"; - public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; - public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; - public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port"; - public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn"; - public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version"; - public static final String CONFIG_LDAP_BASEDN = "ldap.basedn"; - public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns"; - public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns"; - - public static final String VAL_NAME = "name"; - - public static final String CONFIG_LDAP_VERS = - "2,3"; - - /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "CN=$request.uid$, E=$request.mail$"; - - /* ldap configuration sub-store */ - boolean mldapInitialized = false; - boolean mldapEnabled = false; - protected IConfigStore mInstConfig; - protected IConfigStore mLdapConfig; - protected IConfigStore mParamsConfig; - - /* ldap base dn */ - protected String mBaseDN = null; - - /* factory of anonymous ldap connections */ - protected ILdapConnFactory mConnFactory = null; - - /* the list of LDAP attributes with string values to retrieve to - * form the subject dn. */ - protected String[] mLdapStringAttrs = null; - - public nsTokenUserKeySubjectNameDefault() { - super(); - addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_ENABLE); - addConfigName(CONFIG_LDAP_SEARCH_NAME); - addConfigName(CONFIG_LDAP_STRING_ATTRS); - addConfigName(CONFIG_LDAP_HOST); - addConfigName(CONFIG_LDAP_PORT); - addConfigName(CONFIG_LDAP_SEC_CONN); - addConfigName(CONFIG_LDAP_VER); - addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); - - addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_ENABLE); - addValueName(CONFIG_LDAP_SEARCH_NAME); - addValueName(CONFIG_LDAP_STRING_ATTRS); - addValueName(CONFIG_LDAP_HOST); - addValueName(CONFIG_LDAP_PORT); - addValueName(CONFIG_LDAP_SEC_CONN); - addValueName(CONFIG_LDAP_VER); - addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; - super.init(profile, config); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, - null, null, CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_ENABLE)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); - } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, - "3", - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); - } else { - return null; - } - } - - public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name); - - if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME")); - } else { - return null; - } - } - - public void setValue(String name, Locale locale, - X509CertInfo info, String value) - throws EPropertyException { - - CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value); - - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - X500Name x500name = null; - - try { - x500name = new X500Name(value); - } catch (IOException e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - // failed to build x500 name - } - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(x500name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getValue(String name, Locale locale, - X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); - if (name == null) { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - if (name.equals(VAL_NAME)) { - CertificateSubjectName sn = null; - - try { - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn); - return sn.toString(); - } catch (Exception e) { - // nothing - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); - - } - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } else { - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); - } - } - - public String getText(Locale locale) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", - getConfig(CONFIG_DNPATTERN)); - } - - public void ldapInit() - throws EProfileException { - if (mldapInitialized == true) - return; - - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, - false); - if (mldapEnabled == false) - return; - - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); - } - } - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); - mldapInitialized = true; - } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: " + e.toString()); - } - } - - /** - * Populates the request with this policy default. - */ - public void populate(IRequest request, X509CertInfo info) - throws EProfileException { - X500Name name = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); - ldapInit(); - try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; - - name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { - info.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(name)); - } catch (Exception e) { - // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); - } - } - - private String getSubjectName(IRequest request) - throws EProfileException, IOException { - - CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); - - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } - String sbjname = ""; - - if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } - return sbjname; - } - - // ldap is initialized, do more substitution - String searchName = getConfig(CONFIG_LDAP_SEARCH_NAME); - if (searchName == null || searchName.equals("")) { - searchName = "uid"; - } - - LDAPConnection conn = null; - String userdn = null; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { - conn = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } else { - conn = mConnFactory.getConn(); - if (conn == null) { - CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " + - "no LDAP connection"); - throw new EProfileException("no LDAP connection"); - } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); - } - // retrieve the attributes - // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false); - - if (res.hasMoreElements()) { - LDAPEntry entry = res.next(); - - userdn = entry.getDN(); - } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); - throw new EProfileException("id does not exist"); - } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " - + searchName + " = " + request.getExtDataInString("uid")); - - LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request - for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = - entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " - + mLdapStringAttrs[i] + - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); - } - } - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request"); - - } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString()); - throw new EProfileException("getSubjectName() failure: " + e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException( - "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java deleted file mode 100644 index 77d4b1ce0..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java +++ /dev/null @@ -1,122 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.cmc.TaggedRequest; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request - * <p> - * - * This input usually is used by an enrollment profile for certificate requests. - * - * @version $Revision$, $Date$ - */ -public class CMCCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public CMCCertReqInput() { - addValueName(VAL_CERT_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); - - if (msgs == null) { - return; - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java deleted file mode 100644 index 0b7e9f071..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java +++ /dev/null @@ -1,185 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerInputStream; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.cmc.TaggedRequest; -import org.mozilla.jss.pkix.crmf.CertReqMsg; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the certificate request input. - * This input populates 2 main fields to the enrollment page: - * 1/ Certificate Request Type, 2/ Certificate Request - * <p> - * - * This input usually is used by an enrollment profile for certificate requests. - * - * @version $Revision$, $Date$ - */ -public class CertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public CertReqInput() { - addValueName(VAL_CERT_REQUEST_TYPE); - addValueName(VAL_CERT_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE); - String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (cert_request_type == null) { - CMS.debug("CertReqInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); - } - - if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request); - - if (pkcs10 == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request); - - if (keygen == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); - } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - for (int x = 0; x < msgs.length; x++) { - verifyPOP(getLocale(request), msgs[x]); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request - ); - } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); - } else { - // error - CMS.debug("CertReqInput: populate - invalid cert request type " + - cert_request_type); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - cert_request_type)); - } - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CERT_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); - } else if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java deleted file mode 100644 index 18b9ecf52..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java +++ /dev/null @@ -1,163 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerInputStream; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.crmf.CertReqMsg; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the dual key generation input. - * This input populates parameters to the enrollment - * pages so that a CRMF request containing 2 certificate - * requests will be generated. - * <p> - * - * This input can only be used with Netscape 7.x or later clients. - * <p> - * - * @version $Revision$, $Date$ - */ -public class DualKeyGenInput extends EnrollInput implements IProfileInput { - - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public DualKeyGenInput() { - addValueName(VAL_KEYGEN_REQUEST_TYPE); - addValueName(VAL_KEYGEN_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); - String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (keygen_request_type == null) { - CMS.debug("DualKeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); - } - if (keygen_request_type.startsWith("pkcs10")) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type.startsWith("keygen")) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); - } else if (keygen_request_type.startsWith("crmf")) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - for (int x = 0; x < msgs.length; x++) { - verifyPOP(getLocale(request), msgs[x]); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); - } else { - // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); - } - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); - } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java deleted file mode 100644 index d59629f78..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java +++ /dev/null @@ -1,184 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerInputStream; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.cmc.TaggedRequest; -import org.mozilla.jss.pkix.crmf.CertReqMsg; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the key generation input that - * populates parameters to the enrollment page for - * key generation. - * <p> - * - * This input normally is used with user-based or non certificate request profile. - * <p> - * - * @version $Revision$, $Date$ - */ -public class EncryptionKeyGenInput extends EnrollInput implements IProfileInput { - - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public EncryptionKeyGenInput() { - addValueName(VAL_KEYGEN_REQUEST_TYPE); - addValueName(VAL_KEYGEN_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); - String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (keygen_request_type == null) { - CMS.debug("EncryptionKeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); - } - if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - - if (pkcs10 == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - - if (keygen == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - for (int x = 0; x < msgs.length; x++) { - verifyPOP(getLocale(request), msgs[x]); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); - } else { - // error - CMS.debug("EncryptionKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); - } - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); - } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java deleted file mode 100644 index c4269ba7d..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java +++ /dev/null @@ -1,303 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.crypto.CryptoToken; -import org.mozilla.jss.pkix.crmf.CertReqMsg; -import org.mozilla.jss.pkix.crmf.ProofOfPossession; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the base enrollment input. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollInput implements IProfileInput { - - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; - - protected IConfigStore mConfig = null; - protected Vector<String> mValueNames = new Vector<String>(); - protected Vector<String> mConfigNames = new Vector<String>(); - protected IProfile mProfile = null; - - protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - mProfile = profile; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - /** - * Populates the request with this policy default. - * - * @param ctx profile context - * @param request request - * @exception EProfileException failed to populate - */ - public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; - - /** - * Retrieves the localizable name of this policy. - * - * @param locale user locale - * @return localized input name - */ - public abstract String getName(Locale locale); - - /** - * Retrieves the localizable description of this policy. - * - * @param locale user locale - * @return localized input description - */ - public abstract String getText(Locale locale); - - /** - * Retrieves the descriptor of the given value - * property by name. - * - * @param locale user locale - * @param name property name - * @return descriptor of the property - */ - public abstract IDescriptor getValueDescriptor(Locale locale, String name); - - public void addValueName(String name) { - mValueNames.addElement(name); - } - - /** - * Retrieves a list of names of the value parameter. - */ - public Enumeration<String> getValueNames() { - return mValueNames.elements(); - } - - public void addConfigName(String name) { - mConfigNames.addElement(name); - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (mConfig.getSubStore("params") == null) { - // - } else { - mConfig.getSubStore("params").putString(name, value); - } - } - - public String getConfig(String name) { - try { - if (mConfig == null) { - return null; - } - if (mConfig.getSubStore("params") != null) { - return mConfig.getSubStore("params").getString(name); - } - } catch (EBaseException e) { - } - return ""; - } - - public String getDefaultConfig(String name) { - return null; - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - return request.getExtDataInString(name); - } - - /** - * Sets the value of the given value parameter by name. - */ - public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { - request.setExtData(name, value); - } - - public Locale getLocale(IRequest request) { - Locale locale = null; - String language = request.getExtDataInString( - EnrollProfile.REQUEST_LOCALE); - if (language != null) { - locale = new Locale(language); - } - return locale; - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollInput ::in verifyPOP"); - - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - - if (!certReqMsg.hasPop()) { - CMS.debug("CertReqMsg has not POP, return"); - return; - } - ProofOfPossession pop = certReqMsg.getPop(); - ProofOfPossession.Type popType = pop.getType(); - - if (popType != ProofOfPossession.SIGNATURE) { - CMS.debug("not POP SIGNATURE, return"); - return; - } - - try { - if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) { - CMS.debug("skipPOPVerify on, return"); - return; - } - CMS.debug("POP verification begins:"); - CryptoManager cm = CryptoManager.getInstance(); - - CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); - if (tokenName.equals("internal")) { - CMS.debug("POP verification using internal token"); - certReqMsg.verify(); - } else { - CMS.debug("POP verification using token:" + tokenName); - verifyToken = cm.getTokenByName(tokenName); - certReqMsg.verify(verifyToken); - } - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS); - audit(auditMessage); - } catch (Exception e) { - - CMS.debug("Failed POP verify! " + e.toString()); - CMS.debug(e); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE); - - audit(auditMessage); - - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); - } - } - - /** - * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. - * <P> - * - * @param msg signed audit log message - */ - protected void audit(String msg) { - // in this case, do NOT strip preceding/trailing whitespace - // from passed-in String parameters - - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); - } - - /** - * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. - * <P> - * - * @return id string containing the signed audit log message SubjectID - */ - protected String auditSubjectID() { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - String subjectID = null; - - // Initialize subjectID - SessionContext auditContext = SessionContext.getExistingContext(); - - if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); - - if (subjectID != null) { - subjectID = subjectID.trim(); - } else { - subjectID = ILogger.NONROLEUSER; - } - } else { - subjectID = ILogger.UNIDENTIFIED; - } - - return subjectID; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java deleted file mode 100644 index 357488186..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ /dev/null @@ -1,143 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.io.BufferedInputStream; -import java.net.URL; -import java.net.URLConnection; -import java.security.MessageDigest; -import java.util.Locale; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements the image - * input that collects a picture. - * <p> - * - * @version $Revision$, $Date$ - */ -public class FileSigningInput extends EnrollInput implements IProfileInput { - - public static final String URL = "file_signing_url"; - public static final String TEXT = "file_signing_text"; - public static final String SIZE = "file_signing_size"; - public static final String DIGEST = "file_signing_digest"; - public static final String DIGEST_TYPE = "file_signing_digest_type"; - - public FileSigningInput() { - addValueName(URL); - addValueName(TEXT); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); - } - - public String toHexString(byte data[]) { - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < data.length; i++) { - int v = data[i] & 0xff; - if (v < 16) { - sb.append("0"); - } - sb.append(Integer.toHexString(v)); - } - return sb.toString(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - request.setExtData(TEXT, ctx.get(TEXT)); - request.setExtData(URL, ctx.get(URL)); - request.setExtData(DIGEST_TYPE, "SHA256"); - - try { - // retrieve file and calculate the hash - URL url = new URL(ctx.get(URL)); - URLConnection c = url.openConnection(); - c.setAllowUserInteraction(false); - c.setDoInput(true); - c.setDoOutput(false); - c.setUseCaches(false); - c.connect(); - int len = c.getContentLength(); - request.setExtData(SIZE, Integer.toString(len)); - BufferedInputStream is = new BufferedInputStream(c.getInputStream()); - byte data[] = new byte[len]; - is.read(data, 0, len); - is.close(); - - // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA256"); - byte digest[] = digester.digest(data); - request.setExtData(DIGEST, toHexString(digest)); - } catch (Exception e) { - CMS.debug("FileSigningInput populate failure " + e); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_FILE_NOT_FOUND")); - } - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(URL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL")); - } else if (name.equals(TEXT)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java deleted file mode 100644 index e8edfaa6d..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java +++ /dev/null @@ -1,160 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements a generic input. - * <p> - * - * @version $Revision$, $Date$ - */ -public class GenericInput extends EnrollInput implements IProfileInput { - - public static final String CONFIG_NUM = "gi_num"; - public static final String CONFIG_DISPLAY_NAME = "gi_display_name"; - public static final String CONFIG_PARAM_NAME = "gi_param_name"; - public static final String CONFIG_ENABLE = "gi_param_enable"; - - public static final int DEF_NUM = 5; - - public GenericInput() { - int num = getNum(); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PARAM_NAME + i); - addConfigName(CONFIG_DISPLAY_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } - } - - protected int getNum() { - int num = DEF_NUM; - String numC = getConfig(CONFIG_NUM); - - if (numC != null) { - try { - num = Integer.parseInt(numC); - } catch (NumberFormatException e) { - // ignore - } - } - return num; - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT"); - } - - /** - * Returns selected value names based on the configuration. - */ - public Enumeration<String> getValueNames() { - Vector<String> v = new Vector<String>(); - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - v.addElement(getConfig(CONFIG_PARAM_NAME + i)); - } - } - return v.elements(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - String param = getConfig(CONFIG_PARAM_NAME + i); - request.setExtData(param, ctx.get(param)); - } - } - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - int num = getNum(); - for (int i = 0; i < num; i++) { - if (name.equals(CONFIG_PARAM_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); - } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); - } else if (name.equals(CONFIG_ENABLE + i)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); - } - } // for - return null; - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - int num = getNum(); - for (int i = 0; i < num; i++) { - String param = getConfig(CONFIG_PARAM_NAME + i); - if (param != null && param.equals(name)) { - return new Descriptor(IDescriptor.STRING, null, - null, - getConfig(CONFIG_DISPLAY_NAME + i)); - } - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java deleted file mode 100644 index 30570b56c..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java +++ /dev/null @@ -1,89 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements the image - * input that collects a picture. - * <p> - * - * @version $Revision$, $Date$ - */ -public class ImageInput extends EnrollInput implements IProfileInput { - - public static final String IMAGE_URL = "image_url"; - - public ImageInput() { - addValueName(IMAGE_URL); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL)); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(IMAGE_URL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java deleted file mode 100644 index c2b3cf0d5..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java +++ /dev/null @@ -1,184 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerInputStream; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.cmc.TaggedRequest; -import org.mozilla.jss.pkix.crmf.CertReqMsg; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the key generation input that - * populates parameters to the enrollment page for - * key generation. - * <p> - * - * This input normally is used with user-based or non certificate request profile. - * <p> - * - * @version $Revision$, $Date$ - */ -public class KeyGenInput extends EnrollInput implements IProfileInput { - - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public KeyGenInput() { - addValueName(VAL_KEYGEN_REQUEST_TYPE); - addValueName(VAL_KEYGEN_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); - String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (keygen_request_type == null) { - CMS.debug("KeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); - } - if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - - if (pkcs10 == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - - if (keygen == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - for (int x = 0; x < msgs.length; x++) { - verifyPOP(getLocale(request), msgs[x]); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); - } else { - // error - CMS.debug("DualKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); - } - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); - } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java deleted file mode 100644 index 542a2c940..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java +++ /dev/null @@ -1,89 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements the serial number input - * for renewal - * <p> - * - * @author Christina Fu - */ -public class SerialNumRenewInput extends EnrollInput implements IProfileInput { - - public static final String SERIAL_NUM = "serial_num"; - - public SerialNumRenewInput() { - addValueName(SERIAL_NUM); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - // - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(SERIAL_NUM)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java deleted file mode 100644 index aa471d4f6..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java +++ /dev/null @@ -1,184 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerInputStream; -import netscape.security.x509.X509CertInfo; - -import org.mozilla.jss.pkix.cmc.TaggedRequest; -import org.mozilla.jss.pkix.crmf.CertReqMsg; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the key generation input that - * populates parameters to the enrollment page for - * key generation. - * <p> - * - * This input normally is used with user-based or non certificate request profile. - * <p> - * - * @version $Revision$, $Date$ - */ -public class SigningKeyGenInput extends EnrollInput implements IProfileInput { - - public static final String VAL_KEYGEN_REQUEST_TYPE = - EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = - EnrollProfile.CTX_CERT_REQUEST; - - public EnrollProfile mEnrollProfile = null; - - public SigningKeyGenInput() { - addValueName(VAL_KEYGEN_REQUEST_TYPE); - addValueName(VAL_KEYGEN_REQUEST); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); - String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (keygen_request_type == null) { - CMS.debug("SigningKeyGenInput: populate - invalid cert request type " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - "")); - } - if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - - if (pkcs10 == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - - if (keygen == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - - mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - for (int x = 0; x < msgs.length; x++) { - verifyPOP(getLocale(request), msgs[x]); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); - } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request); - - if (msgs == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); - } - // This profile only handle the first request in CRMF - Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - - if (seqNum == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); - } - - mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); - } else { - // error - CMS.debug("SigningKeyGenInput: populate - " + - "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", - keygen_request_type)); - } - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST_TYPE, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); - } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java deleted file mode 100644 index a12351f8a..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java +++ /dev/null @@ -1,142 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This plugin accepts subject DN from end user. - */ -public class SubjectDNInput extends EnrollInput implements IProfileInput { - - public static final String VAL_SUBJECT = "subject"; - - public SubjectDNInput() { - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); - } - - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; - } - - /** - * Returns selected value names based on the configuration. - */ - public Enumeration<String> getValueNames() { - Vector<String> v = new Vector<String>(); - v.addElement(VAL_SUBJECT); - return v.elements(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - String subjectName = ""; - - subjectName = ctx.get(VAL_SUBJECT); - if (subjectName.equals("")) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - X500Name name = null; - - try { - name = new X500Name(subjectName); - } catch (Exception e) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); - } - parseSubjectName(name, info, request); - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_SUBJECT)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } - return null; - } - - protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { - try { - req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, - new CertificateSubjectName(subj)); - } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java deleted file mode 100644 index db70da666..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java +++ /dev/null @@ -1,382 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the subject name input - * that populates text fields to the enrollment - * page so that distinguished name parameters - * can be collected from the user. - * <p> - * The collected parameters could be used for fomulating the subject name in the certificate. - * <p> - * - * @version $Revision$, $Date$ - */ -public class SubjectNameInput extends EnrollInput implements IProfileInput { - - public static final String CONFIG_UID = "sn_uid"; - public static final String CONFIG_EMAIL = "sn_e"; - public static final String CONFIG_CN = "sn_cn"; - public static final String CONFIG_OU3 = "sn_ou3"; - public static final String CONFIG_OU2 = "sn_ou2"; - public static final String CONFIG_OU1 = "sn_ou1"; - public static final String CONFIG_OU = "sn_ou"; - public static final String CONFIG_O = "sn_o"; - public static final String CONFIG_C = "sn_c"; - - public static final String VAL_UID = "sn_uid"; - public static final String VAL_EMAIL = "sn_e"; - public static final String VAL_CN = "sn_cn"; - public static final String VAL_OU3 = "sn_ou3"; - public static final String VAL_OU2 = "sn_ou2"; - public static final String VAL_OU1 = "sn_ou1"; - public static final String VAL_OU = "sn_ou"; - public static final String VAL_O = "sn_o"; - public static final String VAL_C = "sn_c"; - - public SubjectNameInput() { - addConfigName(CONFIG_UID); - addConfigName(CONFIG_EMAIL); - addConfigName(CONFIG_CN); - addConfigName(CONFIG_OU3); - addConfigName(CONFIG_OU2); - addConfigName(CONFIG_OU1); - addConfigName(CONFIG_OU); - addConfigName(CONFIG_O); - addConfigName(CONFIG_C); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); - } - - public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; - } - - /** - * Returns selected value names based on the configuration. - */ - public Enumeration<String> getValueNames() { - Vector<String> v = new Vector<String>(); - String c_uid = getConfig(CONFIG_UID); - if (c_uid == null || c_uid.equals("")) { - v.addElement(VAL_UID); // default case - } else { - if (c_uid.equals("true")) { - v.addElement(VAL_UID); - } - } - String c_email = getConfig(CONFIG_EMAIL); - if (c_email == null || c_email.equals("")) { - v.addElement(VAL_EMAIL); - } else { - if (c_email.equals("true")) { - v.addElement(VAL_EMAIL); - } - } - String c_cn = getConfig(CONFIG_CN); - if (c_cn == null || c_cn.equals("")) { - v.addElement(VAL_CN); - } else { - if (c_cn.equals("true")) { - v.addElement(VAL_CN); - } - } - String c_ou3 = getConfig(CONFIG_OU3); - if (c_ou3 == null || c_ou3.equals("")) { - v.addElement(VAL_OU3); - } else { - if (c_ou3.equals("true")) { - v.addElement(VAL_OU3); - } - } - String c_ou2 = getConfig(CONFIG_OU2); - if (c_ou2 == null || c_ou2.equals("")) { - v.addElement(VAL_OU2); - } else { - if (c_ou2.equals("true")) { - v.addElement(VAL_OU2); - } - } - String c_ou1 = getConfig(CONFIG_OU1); - if (c_ou1 == null || c_ou1.equals("")) { - v.addElement(VAL_OU1); - } else { - if (c_ou1.equals("true")) { - v.addElement(VAL_OU1); - } - } - String c_ou = getConfig(CONFIG_OU); - if (c_ou == null || c_ou.equals("")) { - v.addElement(VAL_OU); - } else { - if (c_ou.equals("true")) { - v.addElement(VAL_OU); - } - } - String c_o = getConfig(CONFIG_O); - if (c_o == null || c_o.equals("")) { - v.addElement(VAL_O); - } else { - if (c_o.equals("true")) { - v.addElement(VAL_O); - } - } - String c_c = getConfig(CONFIG_C); - if (c_c == null || c_c.equals("")) { - v.addElement(VAL_C); - } else { - if (c_c.equals("true")) { - v.addElement(VAL_C); - } - } - return v.elements(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - String subjectName = ""; - - String uid = ctx.get(VAL_UID); - - if (uid != null && !uid.equals("")) { - subjectName += "UID=" + uid; - } - String email = ctx.get(VAL_EMAIL); - - if (email != null && !email.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "E=" + email; - } - String cn = ctx.get(VAL_CN); - - if (cn != null && !cn.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "CN=" + cn; - } - String ou3 = ctx.get(VAL_OU3); - if (ou3 != null && !ou3.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "OU=" + ou3; - } - String ou2 = ctx.get(VAL_OU2); - if (ou2 != null && !ou2.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "OU=" + ou2; - } - String ou1 = ctx.get(VAL_OU1); - if (ou1 != null && !ou1.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "OU=" + ou1; - } - String ou = ctx.get(VAL_OU); - if (ou != null && !ou.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "OU=" + ou; - } - String o = ctx.get(VAL_O); - - if (o != null && !o.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "O=" + o; - } - String c = ctx.get(VAL_C); - - if (c != null && !c.equals("")) { - if (!subjectName.equals("")) { - subjectName += ","; - } - subjectName += "C=" + c; - } - if (subjectName.equals("")) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); - } - X500Name name = null; - - try { - name = new X500Name(subjectName); - } catch (Exception e) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); - } - parseSubjectName(name, info, request); - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_UID)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); - } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); - } else if (name.equals(CONFIG_CN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); - } else if (name.equals(CONFIG_OU3)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); - } else if (name.equals(CONFIG_OU2)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); - } else if (name.equals(CONFIG_OU1)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); - } else if (name.equals(CONFIG_OU)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); - } else if (name.equals(CONFIG_O)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); - } else if (name.equals(CONFIG_C)) { - return new Descriptor(IDescriptor.BOOLEAN, null, - "true", - CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); - } else { - return null; - } - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_UID)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); - } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL")); - } else if (name.equals(VAL_CN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); - } else if (name.equals(VAL_OU3)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3"); - } else if (name.equals(VAL_OU2)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2"); - } else if (name.equals(VAL_OU1)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1"); - } else if (name.equals(VAL_OU)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); - } else if (name.equals(VAL_O)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); - } else if (name.equals(VAL_C)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); - } - return null; - } - - protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) - throws EProfileException { - try { - req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, - new CertificateSubjectName(subj)); - } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + - e.toString()); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java deleted file mode 100644 index 984706f42..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java +++ /dev/null @@ -1,102 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements the submitter information - * input that collects certificate requestor's - * information such as name, email and phone. - * <p> - * - * @version $Revision$, $Date$ - */ -public class SubmitterInfoInput extends EnrollInput implements IProfileInput { - - public static final String NAME = "requestor_name"; - public static final String EMAIL = "requestor_email"; - public static final String PHONE = "requestor_phone"; - - public SubmitterInfoInput() { - addValueName(NAME); - addValueName(EMAIL); - addValueName(PHONE); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - // - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(NAME)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME")); - } else if (name.equals(EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL")); - } else if (name.equals(PHONE)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java deleted file mode 100644 index 3c6067891..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java +++ /dev/null @@ -1,160 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ token cuid, 2/ publickey - * <p> - * - * This input usually is used by an enrollment profile for certificate requests coming from TPS. - * - * @version $Revision$, $Date$ - */ -public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_TOKEN_CUID = "tokencuid"; - public static final String VAL_PUBLIC_KEY = "publickey"; - - public EnrollProfile mEnrollProfile = null; - - public nsHKeyCertReqInput() { - addValueName(VAL_TOKEN_CUID); - addValueName(VAL_PUBLIC_KEY); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); - } - - /* - * Pretty print token cuid - */ - public String toPrettyPrint(String cuid) { - if (cuid == null) - return null; - - if (cuid.length() != 20) - return null; - - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < cuid.length(); i++) { - if (i == 4 || i == 8 || i == 12 || i == 16) { - sb.append("-"); - } - sb.append(cuid.charAt(i)); - } - return sb.toString(); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String tcuid = ctx.get(VAL_TOKEN_CUID); - // pretty print tcuid - String prettyPrintCuid = toPrettyPrint(tcuid); - if (prettyPrintCuid == null) { - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); - } - - request.setExtData("pretty_print_tokencuid", prettyPrintCuid); - - String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (tcuid == null) { - CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", - "")); - } - if (pk == null) { - CMS.debug("nsHKeyCertReqInput: populate - public key not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); - } - - mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_TOKEN_CUID)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); - } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java deleted file mode 100644 index 196798683..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java +++ /dev/null @@ -1,129 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.input; - -import java.util.Locale; - -import netscape.security.x509.X509CertInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the certificate request input from TPS. - * This input populates 2 main fields to the enrollment "page": - * 1/ id, 2/ publickey - * <p> - * - * This input usually is used by an enrollment profile for certificate requests coming from TPS. - * - * @version $Revision$, $Date$ - */ -public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_SN = "screenname"; - public static final String VAL_PUBLIC_KEY = "publickey"; - - public EnrollProfile mEnrollProfile = null; - - public nsNKeyCertReqInput() { - addValueName(VAL_SN); - addValueName(VAL_PUBLIC_KEY); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - - mEnrollProfile = (EnrollProfile) profile; - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - String sn = ctx.get(VAL_SN); - String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = - request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - - if (sn == null) { - CMS.debug("nsNKeyCertReqInput: populate - id not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_ID", - "")); - } - if (pk == null) { - CMS.debug("nsNKeyCertReqInput: populate - public key not found " + - ""); - throw new EProfileException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", - "")); - } - - mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); - request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_SN)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); - } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); - } - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java deleted file mode 100644 index 2253460b1..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java +++ /dev/null @@ -1,161 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.output; - -import java.io.ByteArrayOutputStream; -import java.security.cert.X509Certificate; -import java.util.Locale; - -import netscape.security.x509.CertificateChain; -import netscape.security.x509.X509CertImpl; - -import org.mozilla.jss.asn1.INTEGER; -import org.mozilla.jss.pkix.cmmf.CertOrEncCert; -import org.mozilla.jss.pkix.cmmf.CertRepContent; -import org.mozilla.jss.pkix.cmmf.CertResponse; -import org.mozilla.jss.pkix.cmmf.CertifiedKeyPair; -import org.mozilla.jss.pkix.cmmf.PKIStatusInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.ICertPrettyPrint; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the output plugin that outputs - * CMMF response for the issued certificate. - * - * @version $Revision$, $Date$ - */ -public class CMMFOutput extends EnrollOutput implements IProfileOutput { - - public static final String VAL_PRETTY_CERT = "pretty_cert"; - public static final String VAL_CMMF_RESPONSE = "cmmf_response"; - - public CMMFOutput() { - addValueName(VAL_PRETTY_CERT); - addValueName(VAL_CMMF_RESPONSE); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); - } else if (name.equals(VAL_CMMF_RESPONSE)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CMMF_B64")); - } - return null; - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); - - return prettyCert.toString(locale); - } else if (name.equals(VAL_CMMF_RESPONSE)) { - try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - byte[][] caPubs = new byte[cacerts.length][]; - - for (int j = 0; j < cacerts.length; j++) { - caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); - } - - CertRepContent certRepContent = null; - certRepContent = new CertRepContent(caPubs); - - PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); - CertResponse resp = - new CertResponse(new INTEGER(request.getRequestId().toString()), - status, certifiedKP); - certRepContent.addCertResponse(resp); - - ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); - certRepContent.encode(certRepOut); - byte[] certRepBytes = certRepOut.toByteArray(); - - return CMS.BtoA(certRepBytes); - } catch (Exception e) { - return null; - } - } else { - return null; - } - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java deleted file mode 100644 index 1293c055c..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java +++ /dev/null @@ -1,120 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.output; - -import java.util.Locale; - -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.ICertPrettyPrint; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the pretty print certificate output - * that displays the issued certificate in a pretty print format. - * - * @version $Revision$, $Date$ - */ -public class CertOutput extends EnrollOutput implements IProfileOutput { - public static final String VAL_PRETTY_CERT = "pretty_cert"; - public static final String VAL_B64_CERT = "b64_cert"; - - public CertOutput() { - addValueName(VAL_PRETTY_CERT); - addValueName(VAL_B64_CERT); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); - } else if (name.equals(VAL_B64_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_B64")); - } - return null; - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); - - return prettyCert.toString(locale); - } else if (name.equals(VAL_B64_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.getEncodedCert(cert); - } else { - return null; - } - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java deleted file mode 100644 index 25a4b4908..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java +++ /dev/null @@ -1,134 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.output; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; - -/** - * This class implements the basic enrollment output. - * - * @version $Revision$, $Date$ - */ -public abstract class EnrollOutput implements IProfileOutput { - private IConfigStore mConfig = null; - private Vector<String> mValueNames = new Vector<String>(); - protected Vector<String> mConfigNames = new Vector<String>(); - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - public void addValueName(String name) { - mValueNames.addElement(name); - } - - /** - * Populates the request with this policy default. - * - * @param ctx profile context - * @param request request - * @exception EProfileException failed to populate - */ - public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; - - /** - * Retrieves the descriptor of the given value - * parameter by name. - * - * @param locale user locale - * @param name property name - * @return property descriptor - */ - public abstract IDescriptor getValueDescriptor(Locale locale, String name); - - /** - * Retrieves the localizable name of this policy. - * - * @param locale user locale - * @return output policy name - */ - public abstract String getName(Locale locale); - - /** - * Retrieves the localizable description of this policy. - * - * @param locale user locale - * @return output policy description - */ - public abstract String getText(Locale locale); - - /** - * Retrieves a list of names of the value parameter. - */ - public Enumeration<String> getValueNames() { - return mValueNames.elements(); - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - return request.getExtDataInString(name); - } - - /** - * Sets the value of the given value parameter by name. - */ - public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { - request.setExtData(name, value); - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void setConfig(String name, String value) - throws EPropertyException { - } - - public String getConfig(String name) { - return null; - } - - public String getDefaultConfig(String name) { - return null; - } -} diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java deleted file mode 100644 index 0e01e15dd..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java +++ /dev/null @@ -1,158 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.output; - -import java.io.ByteArrayOutputStream; -import java.security.cert.X509Certificate; -import java.util.Locale; - -import netscape.security.pkcs.ContentInfo; -import netscape.security.pkcs.PKCS7; -import netscape.security.pkcs.SignerInfo; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.ICertPrettyPrint; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the output plugin that outputs - * PKCS7 for the issued certificate. - * - * @version $Revision$, $Date$ - */ -public class PKCS7Output extends EnrollOutput implements IProfileOutput { - - public static final String VAL_PRETTY_CERT = "pretty_cert"; - public static final String VAL_PKCS7 = "pkcs7"; - - public PKCS7Output() { - addValueName(VAL_PRETTY_CERT); - addValueName(VAL_PKCS7); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_PP")); - } else if (name.equals(VAL_PKCS7)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_PKCS7_B64")); - } - return null; - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); - - return prettyCert.toString(locale); - } else if (name.equals(VAL_PKCS7)) { - - try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; - int m = 1, n = 0; - - for (; n < cacerts.length; m++, n++) { - userChain[m] = (X509CertImpl) cacerts[n]; - } - - userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos); - byte[] p7Bytes = bos.toByteArray(); - String p7Str = CMS.BtoA(p7Bytes); - - return p7Str; - } catch (Exception e) { - return ""; - } - } else { - return null; - } - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java deleted file mode 100644 index 6bf03f436..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java +++ /dev/null @@ -1,110 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.output; - -import java.util.Locale; - -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileContext; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.property.Descriptor; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This class implements the output plugin that outputs - * DER for the issued certificate for token keys - * - * @version $Revision$, $Date$ - */ -public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { - - public static final String VAL_DER = "der"; - - public nsNKeyOutput() { - addValueName(VAL_DER); - } - - /** - * Initializes this default policy. - */ - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - super.init(profile, config); - } - - /** - * Retrieves the localizable name of this policy. - */ - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME"); - } - - /** - * Retrieves the localizable description of this policy. - */ - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT"); - } - - /** - * Populates the request with this policy default. - */ - public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - } - - /** - * Retrieves the descriptor of the given value - * parameter by name. - */ - public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_DER)) { - return new Descriptor("der_b64", null, - null, - CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_DER_B64")); - } - return null; - } - - public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { - if (name.equals(VAL_DER)) { - - try { - X509CertImpl cert = request.getExtDataInCert( - EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.BtoA(cert.getEncoded()); - } catch (Exception e) { - return ""; - } - } else { - return null; - } - } - -} diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java deleted file mode 100644 index 52c87113d..000000000 --- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ /dev/null @@ -1,321 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.profile.updater; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import netscape.ldap.LDAPException; -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileUpdater; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.certsrv.usrgrp.IGroup; -import com.netscape.certsrv.usrgrp.IUGSubsystem; -import com.netscape.certsrv.usrgrp.IUser; -import com.netscape.cms.profile.common.EnrollProfile; - -/** - * This updater class will create the new user to the subsystem group and - * then add the subsystem certificate to the user. - * - * @version $Revision$, $Date$ - */ -public class SubsystemGroupUpdater implements IProfileUpdater { - - private IProfile mProfile = null; - private EnrollProfile mEnrollProfile = null; - private IConfigStore mConfig = null; - private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - private Vector<String> mConfigNames = new Vector<String>(); - private Vector<String> mValueNames = new Vector<String>(); - - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; - private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********"; - private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown"; - private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; - private final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; - - public SubsystemGroupUpdater() { - } - - public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mConfig = config; - mProfile = profile; - mEnrollProfile = (EnrollProfile) profile; - } - - public Enumeration<String> getConfigNames() { - return mConfigNames.elements(); - } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { - return null; - } - - public void setConfig(String name, String value) - throws EPropertyException { - if (mConfig.getSubStore("params") == null) { - // - } else { - mConfig.getSubStore("params").putString(name, value); - } - } - - public String getConfig(String name) { - try { - if (mConfig == null) { - return null; - } - if (mConfig.getSubStore("params") != null) { - return mConfig.getSubStore("params").getString(name); - } - } catch (EBaseException e) { - } - return ""; - } - - public IConfigStore getConfigStore() { - return mConfig; - } - - public void update(IRequest req, RequestStatus status) - throws EProfileException { - - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - - CMS.debug("SubsystemGroupUpdater update starts"); - if (status != req.getRequestStatus()) { - return; - } - - X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return; - - IConfigStore mainConfig = CMS.getConfigStore(); - - int num = 0; - try { - num = mainConfig.getInteger("subsystem.count", 0); - } catch (Exception e) { - } - - IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); - - String requestor_name = "subsystem"; - try { - requestor_name = req.getExtDataInString("requestor_name"); - } catch (Exception e1) { - // ignore - } - - // i.e. tps-1.2.3.4-4 - String id = requestor_name; - - num++; - mainConfig.putInteger("subsystem.count", num); - - try { - mainConfig.commit(false); - } catch (Exception e) { - } - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;" + id + - "+fullname;;" + id + - "+state;;1" + - "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; - - IUser user = null; - CMS.debug("SubsystemGroupUpdater adduser"); - try { - user = system.createUser(id); - user.setFullName(id); - user.setEmail(""); - user.setPassword(""); - user.setUserType("agentType"); - user.setState("1"); - user.setPhone(""); - X509CertImpl[] certs = new X509CertImpl[1]; - certs[0] = cert; - user.setX509Certificates(certs); - - system.addUser(user); - CMS.debug("SubsystemGroupUpdater update: successfully add the user"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); - audit(auditMessage); - - String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - try { - byte[] certEncoded = cert.getEncoded(); - b64 = CMS.BtoA(certEncoded).trim(); - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < b64.length(); i++) { - if (!Character.isWhitespace(b64.charAt(i))) { - sb.append(b64.charAt(i)); - } - } - b64 = sb.toString(); - } catch (Exception ence) { - CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence); - } - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + - "+Resource;;" + id + - "+cert;;" + b64; - - system.addUserCert(user); - CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); - audit(auditMessage); - } catch (LDAPException e) { - CMS.debug("UpdateSubsystemGroup: update " + e.toString()); - if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); - audit(auditMessage); - throw new EProfileException(e.toString()); - } - } catch (Exception e) { - CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString()); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); - audit(auditMessage); - throw new EProfileException(e.toString()); - } - - IGroup group = null; - String groupName = "Subsystem Group"; - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + - "+Resource;;" + groupName; - - try { - group = system.getGroupFromName(groupName); - - auditParams += "+user;;"; - Enumeration<String> members = group.getMemberNames(); - while (members.hasMoreElements()) { - auditParams += members.nextElement(); - if (members.hasMoreElements()) { - auditParams += ","; - } - } - - if (!group.isMember(id)) { - auditParams += "," + id; - group.addMemberName(id); - system.modifyGroup(group); - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); - audit(auditMessage); - - CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group."); - } else { - CMS.debug("UpdateSubsystemGroup: update: user already a member of the group"); - } - } catch (Exception e) { - CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString()); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); - audit(auditMessage); - } - } - - public String getName(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_NAME"); - } - - public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_TEXT"); - } - - private void audit(String msg) { - if (mSignedAuditLogger == null) { - return; - } - - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); - } - - private String auditSubjectID() { - if (mSignedAuditLogger == null) { - return null; - } - - String subjectID = null; - - // Initialize subjectID - SessionContext auditContext = SessionContext.getExistingContext(); - - if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); - - if (subjectID != null) { - subjectID = subjectID.trim(); - } else { - subjectID = ILogger.NONROLEUSER; - } - } else { - subjectID = ILogger.UNIDENTIFIED; - } - return subjectID; - } -} |