Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/policy')
8 files changed, 568 insertions, 592 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java index d58cfe132..7e704dfbf 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java @@ -17,31 +17,30 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import com.netscape.certsrv.policy.EPolicyException; import com.netscape.certsrv.policy.IExpression; import com.netscape.certsrv.request.IRequest; - /** * This class represents an expression of the form * <var1 op val1 AND var2 op va2>. - * + * * Expressions are used as predicates for policy selection. - * + * * @author kanda * @version $Revision$, $Date$ */ public class AndExpression implements IExpression { private IExpression mExp1; private IExpression mExp2; + public AndExpression(IExpression exp1, IExpression exp2) { mExp1 = exp1; mExp2 = exp2; } public boolean evaluate(IRequest req) - throws EPolicyException { + throws EPolicyException { // If an expression is missing we assume applicability. if (mExp1 == null && mExp2 == null) return true; @@ -49,7 +48,8 @@ public class AndExpression implements IExpression { return mExp1.evaluate(req) && mExp2.evaluate(req); else if (mExp1 == null) return mExp2.evaluate(req); - else // (if mExp2 == null) + else + // (if mExp2 == null) return mExp1.evaluate(req); } diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java index 4587bca69..8fe2863d4 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Enumeration; 
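Review bot: In AndExpression.evaluate (hunk `@@ -49,7 +48,8 @@` of AndExpression.java) the formatter has pushed `// (if mExp2 == null)` onto its own line between an unbraced `else` and its `return`, so the last branch is easy to misread or to break when a statement is added. Bracing the chain keeps the comment attached to its branch: `} else { // mExp2 == null` followed by `return mExp1.evaluate(req);`. The method body is split across the two AndExpression hunks. Its context comment "If an expression is missing we assume applicability" belongs in a Javadoc on evaluate, because a predicate with both operands null returns true and, as far as the class comment indicates, the policy is then selected for every request.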
@@ -50,9 +49,8 @@ import com.netscape.certsrv.policy.IGeneralNamesConfig; import com.netscape.certsrv.policy.ISubjAltNameConfig; import com.netscape.cmscore.util.Debug; - -/** - * Class that can be used to form general names from configuration file. +/** + * Class that can be used to form general names from configuration file. * Used by policies and extension commands. */ public class GeneralNameUtil implements IGeneralNameUtil { @@ -64,9 +62,9 @@ public class GeneralNameUtil implements IGeneralNameUtil { * are NameConstraints, CertificateScopeOfUse extensions. In such * cases, IPAddress may contain netmask component. */ - static public GeneralName - form_GeneralNameAsConstraints(String generalNameChoice, String value) - throws EBaseException { + static public GeneralName + form_GeneralNameAsConstraints(String generalNameChoice, String value) + throws EBaseException { try { if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) { StringTokenizer st = new StringTokenizer(value, ","); @@ -87,15 +85,16 @@ public class GeneralNameUtil implements IGeneralNameUtil { /** * Form a General Name from a General Name choice and value. - * The General Name choice must be one of the General Name Choice Strings + * The General Name choice must be one of the General Name Choice Strings * defined in this class. - * @param generalNameChoice General Name choice. Must be one of the General - * Name choices defined in this class. + * + * @param generalNameChoice General Name choice. Must be one of the General + * Name choices defined in this class. * @param value String value of the general name to form. */ - static public GeneralName - form_GeneralName(String generalNameChoice, String value) - throws EBaseException { + static public GeneralName + form_GeneralName(String generalNameChoice, String value) + throws EBaseException { GeneralNameInterface generalNameI = null; DerValue derVal = null; GeneralName generalName = null; 
@@ -112,10 +111,12 @@ public class GeneralNameUtil implements IGeneralNameUtil { } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) { generalNameI = new DNSName(value); Debug.trace("dnsName formed"); - } /** not supported -- no sun class - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) { - } - **/ else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) { + }/** + * not supported -- no sun class + * else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) { + * } + **/ + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) { generalNameI = new X500Name(value); Debug.trace("X500Name formed"); } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) { 
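Review bot: The unsupported X400Address branch is now a `/** ... **/` Javadoc block wedged between `}` and `else if` in the middle of the choice chain, so commented-out code is formatted as documentation and the chain no longer reads as one if/else ladder. A one-line comment inside the chain says the same thing, for example `// x400Address is not supported (no sun class available)`, and the dead `else if` can be deleted. form_GeneralName starts and ends outside this hunk.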
@@ -135,35 +136,35 @@ public class GeneralNameUtil implements IGeneralNameUtil { } catch (Exception e) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", - generalNameChoice, - "value must be a valid OID in the form n.n.n.n")); + generalNameChoice, + "value must be a valid OID in the form n.n.n.n")); } generalNameI = new OIDName(oid); Debug.trace("oidname formed"); } else { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - new String[] { - PROP_GENNAME_CHOICE, - "value must be one of: " + - GENNAME_CHOICE_OTHERNAME + ", " + - GENNAME_CHOICE_RFC822NAME + ", " + - GENNAME_CHOICE_DNSNAME + ", " + - - /* GENNAME_CHOICE_X400ADDRESS +", "+ */ - GENNAME_CHOICE_DIRECTORYNAME + ", " + - GENNAME_CHOICE_EDIPARTYNAME + ", " + - GENNAME_CHOICE_URL + ", " + - GENNAME_CHOICE_IPADDRESS + ", or " + - GENNAME_CHOICE_REGISTEREDID + "." + new String[] { + PROP_GENNAME_CHOICE, + "value must be one of: " + + GENNAME_CHOICE_OTHERNAME + ", " + + GENNAME_CHOICE_RFC822NAME + ", " + + GENNAME_CHOICE_DNSNAME + ", " + + + /* GENNAME_CHOICE_X400ADDRESS +", "+ */ + GENNAME_CHOICE_DIRECTORYNAME + ", " + + GENNAME_CHOICE_EDIPARTYNAME + ", " + + GENNAME_CHOICE_URL + ", " + + GENNAME_CHOICE_IPADDRESS + ", or " + + GENNAME_CHOICE_REGISTEREDID + "." } - )); + )); } } catch (IOException e) { Debug.printStackTrace(e); throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", - generalNameChoice, e.toString())); + generalNameChoice, e.toString())); } catch (InvalidIPAddressException e) { Debug.printStackTrace(e); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_IP_ADDR", value)); 
@@ -187,62 +188,63 @@ public class GeneralNameUtil implements IGeneralNameUtil { } /** - * Checks if given string is a valid General Name choice and returns + * Checks if given string is a valid General Name choice and returns * the actual string that can be passed into form_GeneralName(). + * * @param generalNameChoice a General Name choice string. - * @return one of General Name choices defined in this class that can be - * passed into form_GeneralName(). + * @return one of General Name choices defined in this class that can be + * passed into form_GeneralName(). */ - static public String check_GeneralNameChoice(String generalNameChoice) - throws EBaseException { + static public String check_GeneralNameChoice(String generalNameChoice) + throws EBaseException { String theGeneralNameChoice = null; - if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME)) + if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME)) theGeneralNameChoice = GENNAME_CHOICE_OTHERNAME; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME)) theGeneralNameChoice = GENNAME_CHOICE_RFC822NAME; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) theGeneralNameChoice = GENNAME_CHOICE_DNSNAME; - /* X400Address not supported. - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) - theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS; - */ - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) + /* X400Address not supported. 
+ else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) + theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS; + */ + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) theGeneralNameChoice = GENNAME_CHOICE_DIRECTORYNAME; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) theGeneralNameChoice = GENNAME_CHOICE_EDIPARTYNAME; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL)) theGeneralNameChoice = GENNAME_CHOICE_URL; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) theGeneralNameChoice = GENNAME_CHOICE_IPADDRESS; - else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID)) + else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID)) theGeneralNameChoice = GENNAME_CHOICE_REGISTEREDID; else { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - new String[] { - PROP_GENNAME_CHOICE + "=" + generalNameChoice, - "value must be one of: " + - GENNAME_CHOICE_OTHERNAME + ", " + - GENNAME_CHOICE_RFC822NAME + ", " + - GENNAME_CHOICE_DNSNAME + ", " + - - /* GENNAME_CHOICE_X400ADDRESS +", "+ */ - GENNAME_CHOICE_DIRECTORYNAME + ", " + - GENNAME_CHOICE_EDIPARTYNAME + ", " + - GENNAME_CHOICE_URL + ", " + - GENNAME_CHOICE_IPADDRESS + ", " + - GENNAME_CHOICE_REGISTEREDID + "." + new String[] { + PROP_GENNAME_CHOICE + "=" + generalNameChoice, + "value must be one of: " + + GENNAME_CHOICE_OTHERNAME + ", " + + GENNAME_CHOICE_RFC822NAME + ", " + + GENNAME_CHOICE_DNSNAME + ", " + + + /* GENNAME_CHOICE_X400ADDRESS +", "+ */ + GENNAME_CHOICE_DIRECTORYNAME + ", " + + GENNAME_CHOICE_EDIPARTYNAME + ", " + + GENNAME_CHOICE_URL + ", " + + GENNAME_CHOICE_IPADDRESS + ", " + + GENNAME_CHOICE_REGISTEREDID + "." 
} - )); + )); } return theGeneralNameChoice; } static public class GeneralNamesConfig implements IGeneralNamesConfig { public String mName = null; // substore name of config if any. - public GeneralNameConfig[] mGenNameConfigs = null; + public GeneralNameConfig[] mGenNameConfigs = null; public IConfigStore mConfig = null; public boolean mIsValueConfigured = true; public boolean mIsPolicyEnabled = true; @@ -252,17 +254,17 @@ public class GeneralNameUtil implements IGeneralNameUtil { private String mNameDotGeneralName = mName + DOT + PROP_GENERALNAME; public GeneralNamesConfig( - String name, - IConfigStore config, - boolean isValueConfigured, - boolean isPolicyEnabled) - throws EBaseException { + String name, + IConfigStore config, + boolean isValueConfigured, + boolean isPolicyEnabled) + throws EBaseException { mIsValueConfigured = isValueConfigured; mIsPolicyEnabled = isPolicyEnabled; mName = name; - if (mName != null) + if (mName != null) mNameDotGeneralName = mName + DOT + PROP_GENERALNAME; - else + else mNameDotGeneralName = PROP_GENERALNAME; mConfig = config; @@ -271,19 +273,19 @@ public class GeneralNameUtil implements IGeneralNameUtil { if (numGNs < 0) { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - new String[] { - PROP_NUM_GENERALNAMES + "=" + numGNs, - "value must be greater than or equal to 0."} - )); + new String[] { + PROP_NUM_GENERALNAMES + "=" + numGNs, + "value must be greater than or equal to 0." } + )); } mGenNameConfigs = new GeneralNameConfig[numGNs]; for (int i = 0; i < numGNs; i++) { String storeName = mNameDotGeneralName + i; - mGenNameConfigs[i] = + mGenNameConfigs[i] = newGeneralNameConfig( - storeName, mConfig.getSubStore(storeName), - mIsValueConfigured, mIsPolicyEnabled); + storeName, mConfig.getSubStore(storeName), + mIsValueConfigured, mIsPolicyEnabled); } if (mIsValueConfigured && mIsPolicyEnabled) { 
@@ -299,9 +301,9 @@ public class GeneralNameUtil implements IGeneralNameUtil { } protected GeneralNameConfig newGeneralNameConfig( - String name, IConfigStore config, - boolean isValueConfigured, boolean isPolicyEnabled) - throws EBaseException { + String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) + throws EBaseException { return new GeneralNameConfig( name, config, isValueConfigured, isPolicyEnabled); } @@ -334,20 +336,20 @@ public class GeneralNameUtil implements IGeneralNameUtil { return mDefNumGenNames; } - /** - * adds params to default + /** + * adds params to default */ public static void getDefaultParams( - String name, boolean isValueConfigured, Vector<String> params) { + String name, boolean isValueConfigured, Vector<String> params) { String nameDot = ""; - if (name != null) + if (name != null) nameDot = name + DOT; params.addElement( - nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES); + nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES); for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) { GeneralNameConfig.getDefaultParams( - nameDot + PROP_GENERALNAME + i, isValueConfigured, params); + nameDot + PROP_GENERALNAME + i, isValueConfigured, params); } } @@ -356,7 +358,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { */ public void getInstanceParams(Vector<String> params) { params.addElement( - PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length); + PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length); for (int i = 0; i < mGenNameConfigs.length; i++) { mGenNameConfigs[i].getInstanceParams(params); } @@ -366,7 +368,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { * Get extended plugin info. */ public static void getExtendedPluginInfo( - String name, boolean isValueConfigured, Vector<String> info) { + String name, boolean isValueConfigured, Vector<String> info) { String nameDot = ""; if (name != null && name.length() > 0) 
@@ -374,33 +376,31 @@ public class GeneralNameUtil implements IGeneralNameUtil { info.addElement(PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO); for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) { GeneralNameConfig.getExtendedPluginInfo( - nameDot + PROP_GENERALNAME + i, isValueConfigured, info); + nameDot + PROP_GENERALNAME + i, isValueConfigured, info); } } } - static public class GeneralNamesAsConstraintsConfig extends GeneralNamesConfig implements IGeneralNamesAsConstraintsConfig { public GeneralNamesAsConstraintsConfig( - String name, - IConfigStore config, - boolean isValueConfigured, - boolean isPolicyEnabled) - throws EBaseException { + String name, + IConfigStore config, + boolean isValueConfigured, + boolean isPolicyEnabled) + throws EBaseException { super(name, config, isValueConfigured, isPolicyEnabled); } protected GeneralNameConfig newGeneralNameConfig( - String name, IConfigStore config, - boolean isValueConfigured, boolean isPolicyEnabled) - throws EBaseException { - return new GeneralNameAsConstraintsConfig(name, config, + String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) + throws EBaseException { + return new GeneralNameAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled); } } - /** * convenience class for policies use. */ @@ -418,11 +418,11 @@ public class GeneralNameUtil implements IGeneralNameUtil { public String mNameDotValue = null; public GeneralNameConfig( - String name, - IConfigStore config, - boolean isValueConfigured, - boolean isPolicyEnabled) - throws EBaseException { + String name, + IConfigStore config, + boolean isValueConfigured, + boolean isPolicyEnabled) + throws EBaseException { mIsValueConfigured = isValueConfigured; mIsPolicyEnabled = isPolicyEnabled; mName = name; 
@@ -461,7 +461,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { mGeneralName = formGeneralName(mGenNameChoice, mValue); } else { mValue = mConfig.getString(PROP_GENNAME_VALUE, ""); - if (mValue != null && mValue.length() > 0) + if (mValue != null && mValue.length() > 0) mGeneralName = formGeneralName(mGenNameChoice, mValue); } } @@ -470,23 +470,23 @@ public class GeneralNameUtil implements IGeneralNameUtil { /** * Form a general name from the value string. */ - public GeneralName formGeneralName(String value) - throws EBaseException { + public GeneralName formGeneralName(String value) + throws EBaseException { return formGeneralName(mGenNameChoice, value); } - public GeneralName formGeneralName(String choice, String value) - throws EBaseException { + public GeneralName formGeneralName(String choice, String value) + throws EBaseException { return form_GeneralName(choice, value); } - /** - * @return a vector of General names from a value that can be - * either a Vector of strings, string array or just a string. - * Returned Vector can be null if value is not of expected type. + /** + * @return a vector of General names from a value that can be + * either a Vector of strings, string array or just a string. + * Returned Vector can be null if value is not of expected type. */ - public Vector<GeneralName> formGeneralNames(Object value) - throws EBaseException { + public Vector<GeneralName> formGeneralNames(Object value) + throws EBaseException { Vector<GeneralName> gns = new Vector<GeneralName>(); GeneralName gn = null; @@ -513,7 +513,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { Object val = n.nextElement(); if (val != null && (val instanceof String) && - ((String) (val = ((String) val).trim())).length() > 0) { + ((String) (val = ((String) val).trim())).length() > 0) { gn = formGeneralName(mGenNameChoice, (String) val); gns.addElement(gn); } 
@@ -553,7 +553,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { */ public static void getDefaultParams( - String name, boolean isValueConfigured, Vector<String> params) { + String name, boolean isValueConfigured, Vector<String> params) { String nameDot = ""; if (name != null) @@ -565,14 +565,14 @@ public class GeneralNameUtil implements IGeneralNameUtil { } /** - * Get instance params + * Get instance params */ public void getInstanceParams(Vector<String> params) { String value = (mValue == null) ? "" : mValue; String choice = (mGenNameChoice == null) ? "" : mGenNameChoice; params.addElement(mNameDotChoice + "=" + choice); - if (mIsValueConfigured) + if (mIsValueConfigured) params.addElement(mNameDotValue + "=" + value); } @@ -580,31 +580,30 @@ public class GeneralNameUtil implements IGeneralNameUtil { * Get extended plugin info */ public static void getExtendedPluginInfo( - String name, boolean isValueConfigured, Vector<String> info) { + String name, boolean isValueConfigured, Vector<String> info) { String nameDot = ""; - if (name != null && name.length() > 0) + if (name != null && name.length() > 0) nameDot = name + "."; info.addElement( - nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO); - if (isValueConfigured) + nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO); + if (isValueConfigured) info.addElement( - nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO); + nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO); } } - /** * convenience class for policies use. */ static public class GeneralNameAsConstraintsConfig extends GeneralNameConfig implements IGeneralNameAsConstraintsConfig { - + public GeneralNameAsConstraintsConfig( - String name, - IConfigStore config, - boolean isValueConfigured, - boolean isPolicyEnabled) - throws EBaseException { + String name, + IConfigStore config, + boolean isValueConfigured, + boolean isPolicyEnabled) + throws EBaseException { super(name, config, isValueConfigured, isPolicyEnabled); } 
@@ -615,18 +614,17 @@ public class GeneralNameUtil implements IGeneralNameUtil { /** * Form a general name from the value string. */ - public GeneralName formGeneralName(String choice, String value) - throws EBaseException { + public GeneralName formGeneralName(String choice, String value) + throws EBaseException { return form_GeneralNameAsConstraints(choice, value); } } - public static class SubjAltNameGN extends GeneralNameUtil.GeneralNameConfig implements ISubjAltNameConfig { static final String REQUEST_ATTR_INFO = - "string;Request attribute name. " + - "The value of the request attribute will be used to form a " + - "General Name in the Subject Alternative Name extension."; + "string;Request attribute name. " + + "The value of the request attribute will be used to form a " + + "General Name in the Subject Alternative Name extension."; static final String PROP_REQUEST_ATTR = "requestAttr"; @@ -635,8 +633,8 @@ public class GeneralNameUtil implements IGeneralNameUtil { String mAttr = null; public SubjAltNameGN( - String name, IConfigStore config, boolean isPolicyEnabled) - throws EBaseException { + String name, IConfigStore config, boolean isPolicyEnabled) + throws EBaseException { super(name, config, false, isPolicyEnabled); mRequestAttr = mConfig.getString(PROP_REQUEST_ATTR, null); @@ -645,7 +643,7 @@ public class GeneralNameUtil implements IGeneralNameUtil { mRequestAttr = ""; } if (isPolicyEnabled && mRequestAttr.length() == 0) { - throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", + throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", mConfig.getName() + "." + PROP_REQUEST_ATTR)); } int x = mRequestAttr.indexOf('.'); diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java index 2b4d012c7..ab85bb80d 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java 
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; @@ -48,20 +47,19 @@ import com.netscape.cmscore.request.ARequestQueue; import com.netscape.cmscore.util.AssertionException; import com.netscape.cmscore.util.Debug; - /** * This is a Generic policy processor. The three main functions of * this class are: - * 1. To initialize policies by reading policy configuration from the - * config file, and maintain 5 sets of policies - viz Enrollment, - * Renewal, Revocation and KeyRecovery and KeyArchival. - * 2. To apply the configured policies on the given request. - * 3. To enable policy listing/configuration via MCC console. - * + * 1. To initialize policies by reading policy configuration from the + * config file, and maintain 5 sets of policies - viz Enrollment, + * Renewal, Revocation and KeyRecovery and KeyArchival. + * 2. To apply the configured policies on the given request. + * 3. To enable policy listing/configuration via MCC console. + * * Since the policy processor also implements the IPolicy interface * the processor itself presents itself as one big policy to the * request processor. - * + * * @author kanda * @version $Revision$, $Date$ */ 
@@ -71,12 +69,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor { protected IAuthority mAuthority = null; // Default System Policies - public final static String[] DEF_POLICIES = - {"com.netscape.cms.policy.constraints.ManualAuthentication"}; + public final static String[] DEF_POLICIES = + { "com.netscape.cms.policy.constraints.ManualAuthentication" }; // Policies that can't be deleted nor disabled. public final static Hashtable<String, IExpression> DEF_UNDELETABLE_POLICIES = - new Hashtable<String, IExpression>(); + new Hashtable<String, IExpression>(); private String mId = "Policy"; private Vector<String> mPolicyOrder = new Vector<String>(); @@ -125,9 +123,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } /** - * Returns the configuration store. + * Returns the configuration store. * <P> - * + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -137,24 +135,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor { /** * Initializes the PolicyProcessor * <P> - * + * * @param owner owner of this subsystem * @param config configuration of this subsystem * @exception EBaseException failed to initialize this Subsystem. */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // Debug.trace("GenericPolicyProcessor::init"); CMS.debug("GenericPolicyProcessor::init begins"); mAuthority = (IAuthority) owner; mConfig = config; - mGlobalStore = + mGlobalStore = SubsystemRegistry.getInstance().get("MAIN").getConfigStore(); try { IConfigStore configStore = CMS.getConfigStore(); - String PKI_Subsystem = configStore.getString( "subsystem.0.id", - null ); + String PKI_Subsystem = configStore.getString("subsystem.0.id", + null); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -167,31 +165,31 @@ public class GenericPolicyProcessor implements IPolicyProcessor { // NOTE: The "Certificate Policies" framework ONLY applied to // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) || - PKI_Subsystem.trim().equalsIgnoreCase( "kra" ) ) { + if (PKI_Subsystem.trim().equalsIgnoreCase("ca") || + PKI_Subsystem.trim().equalsIgnoreCase("kra")) { String policyStatus = PKI_Subsystem.trim().toLowerCase() + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( configStore.getBoolean( policyStatus, true ) == true ) { + if (configStore.getBoolean(policyStatus, true) == true) { // NOTE: If "<subsystem>.Policy.enable=<boolean>" is // missing, then the referenced instance existed // prior to this name=value pair existing in its // 'CS.cfg' file, and thus we err on the // side that the user may still need to // use the policy framework. - CMS.debug( "GenericPolicyProcessor::init Certificate " + CMS.debug("GenericPolicyProcessor::init Certificate " + "Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { // CS 8.1 Default: <subsystem>.Policy.enable=false - CMS.debug( "GenericPolicyProcessor::init Certificate " + CMS.debug("GenericPolicyProcessor::init Certificate " + "Policy Framework (deprecated) " - + "is DISABLED" ); + + "is DISABLED"); return; } } - } catch( EBaseException e ) { + } catch (EBaseException e) { throw e; } 
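Review bot: `PKI_Subsystem.trim()` is dereferenced unconditionally here, although the preceding hunk reads the value with `configStore.getString("subsystem.0.id", null)`; a configuration without that key therefore makes init() fail with a NullPointerException, which the `catch (EBaseException e)` below does not cover. Normalising once avoids both the null dereference and the repeated trim calls: `String subsystem = (PKI_Subsystem == null) ? "" : PKI_Subsystem.trim().toLowerCase();`. The `try { ... } catch (EBaseException e) { throw e; }` wrapper only rethrows and can be dropped, and `== true` on the getBoolean result is redundant. init() starts and ends outside this hunk.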
@@ -225,16 +223,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor { throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_SYSTEM_POLICY_CONFIG_ERROR", clPath)); - // Verify if the class is a valid implementation of - // IPolicyRule + // Verify if the class is a valid implementation of + // IPolicyRule try { Object o = Class.forName(clPath).newInstance(); if (!(o instanceof IEnrollmentPolicy) && - !(o instanceof IRenewalPolicy) && - !(o instanceof IRevocationPolicy) && - !(o instanceof IKeyRecoveryPolicy) && - !(o instanceof IKeyArchivalPolicy)) + !(o instanceof IRenewalPolicy) && + !(o instanceof IRevocationPolicy) && + !(o instanceof IKeyRecoveryPolicy) && + !(o instanceof IKeyArchivalPolicy)) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", clPath)); } catch (EBaseException e) { @@ -247,7 +245,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { // Register the implementation. RegisteredPolicy regPolicy = - new RegisteredPolicy(id, clPath); + new RegisteredPolicy(id, clPath); mImplTable.put(id, regPolicy); } @@ -291,7 +289,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { String enabledStr = c.getString(PROP_ENABLE, null); if (enabledStr == null || enabledStr.trim().length() == 0 || - enabledStr.trim().equalsIgnoreCase("true")) + enabledStr.trim().equalsIgnoreCase("true")) enabled = true; else enabled = false; @@ -304,15 +302,15 @@ public class GenericPolicyProcessor implements IPolicyProcessor { // Make an instance of the specified policy. RegisteredPolicy regPolicy = - (RegisteredPolicy) mImplTable.get(implName); + (RegisteredPolicy) mImplTable.get(implName); if (regPolicy == null) { - String[] params = {implName, instanceName}; + String[] params = { implName, instanceName }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_IMPL_NOT_FOUND", params)); } - + String classpath = regPolicy.getClassPath(); try { 
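Review bot: `Class.forName(clPath).newInstance()` in init() runs the static initializer and no-argument constructor of whatever class the configuration names before the `instanceof` chain decides whether it is a policy implementation at all. The same pattern is in addPolicyImpl() (hunk `@@ -580,49 +578,49 @@`), where classPath is a method argument. Resolving the class with initialization switched off and testing `isAssignableFrom` first rejects a non-policy class without executing any of its code; if constructibility still has to be verified, instantiate only after the type check passes. The catch clauses of this try block continue outside the hunk and are left elided in the sketch below.

```java
// … unchanged: clPath lookup and CMS_POLICY_SYSTEM_POLICY_CONFIG_ERROR check …
try {
    // Resolve without initializing, then check the type before any constructor runs.
    Class<?> cls = Class.forName(
            clPath, false, GenericPolicyProcessor.class.getClassLoader());

    if (!IEnrollmentPolicy.class.isAssignableFrom(cls) &&
            !IRenewalPolicy.class.isAssignableFrom(cls) &&
            !IRevocationPolicy.class.isAssignableFrom(cls) &&
            !IKeyRecoveryPolicy.class.isAssignableFrom(cls) &&
            !IKeyArchivalPolicy.class.isAssignableFrom(cls))
        throw new EPolicyException(
                CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", clPath));
    // … unchanged: catch clauses and registration of the implementation …
```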
@@ -332,8 +330,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (rule == null) continue; - // Read the predicate expression if any associated - // with the rule + // Read the predicate expression if any associated + // with the rule String exp = c.getString(GenericPolicyProcessor.PROP_PREDICATE, null); if (exp != null) @@ -345,13 +343,13 @@ public class GenericPolicyProcessor implements IPolicyProcessor { // Add the rule to the instance table mInstanceTable.put(instanceName, - new PolicyInstance(instanceName, implName, rule, enabled)); + new PolicyInstance(instanceName, implName, rule, enabled)); if (!enabled) continue; - // Add the rule to the policy set according to category if a - // rule is enabled. + // Add the rule to the policy set according to category if a + // rule is enabled. addRule(instanceName, rule); } @@ -372,8 +370,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor { /** * Apply policies on the given request. - * - * @param IRequest The given request + * + * @param IRequest The given request * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -390,11 +388,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor { return PolicyResult.ACCEPTED; } if (isProfileRequest(req)) { - Debug.trace("GenericPolicyProcessor: Profile-base Request " + - req.getRequestId().toString()); + Debug.trace("GenericPolicyProcessor: Profile-base Request " + + req.getRequestId().toString()); return PolicyResult.ACCEPTED; } - CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op="+op); + CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op=" + op); if (op.equalsIgnoreCase(IRequest.ENROLLMENT_REQUEST)) rules = mEnrollmentRules; 
@@ -421,11 +419,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor { return PolicyResult.ACCEPTED; /** - setError(req, PolicyResources.NO_RULES_CONFIGURED, op); - return PolicyResult.REJECTED; + * setError(req, PolicyResources.NO_RULES_CONFIGURED, op); + * return PolicyResult.REJECTED; **/ } - CMS.debug("GenericPolicyProcessor: apply: rules.count="+ rules.count()); + CMS.debug("GenericPolicyProcessor: apply: rules.count=" + rules.count()); // request must be up to date or can't process it. PolicyResult res = PolicyResult.ACCEPTED; @@ -466,11 +464,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor { try { while (enum1.hasMoreElements()) { RegisteredPolicy regPolicy = - (RegisteredPolicy) enum1.nextElement(); + (RegisteredPolicy) enum1.nextElement(); // Make an Instance of it IPolicyRule ruleImpl = (IPolicyRule) - Class.forName(regPolicy.getClassPath()).newInstance(); + Class.forName(regPolicy.getClassPath()).newInstance(); impls.addElement(ruleImpl); } @@ -489,7 +487,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { try { while (enum1.hasMoreElements()) { RegisteredPolicy regPolicy = - (RegisteredPolicy) enum1.nextElement(); + (RegisteredPolicy) enum1.nextElement(); impls.addElement(regPolicy.getId()); @@ -503,7 +501,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { public IPolicyRule getPolicyImpl(String id) { RegisteredPolicy regImpl = (RegisteredPolicy) - mImplTable.get(id); + mImplTable.get(id); if (regImpl == null) return null; @@ -523,7 +521,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (rp == null) return null; - Vector<String> v = rp.getDefaultParams(); + Vector<String> v = rp.getDefaultParams(); if (v == null) v = new Vector<String>(); 
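Review bot: The block after `return PolicyResult.ACCEPTED;` keeps the rejecting alternative (`setError(req, PolicyResources.NO_RULES_CONFIGURED, op); return PolicyResult.REJECTED;`) as commented-out code inside a `/** ... **/` block, and nothing records why the accepting path was chosen. Judging from the resource name, this is the branch taken when no rules are configured for the operation, which means apply() accepts by default. That decision should be stated in a plain comment such as `// No rules configured for this operation: accept by default.` and the dead code removed. The condition guarding this return lies outside the hunk, so confirm it before settling the wording.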
@@ -533,16 +531,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } public void deletePolicyImpl(String id) - throws EBaseException { + throws EBaseException { // First check if the id is valid; RegisteredPolicy regPolicy = - (RegisteredPolicy) mImplTable.get(id); + (RegisteredPolicy) mImplTable.get(id); if (regPolicy == null) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", id)); - // If any instance exists for this impl, can't delete it. + // If any instance exists for this impl, can't delete it. boolean instanceExist = false; Enumeration<PolicyInstance> e = mInstanceTable.elements(); @@ -558,12 +556,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor { throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_ACTIVE_POLICY_RULES_EXIST", id)); - // Else delete the implementation + // Else delete the implementation mImplTable.remove(id); - IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); - IConfigStore implStore = - policyStore.getSubStore(PROP_IMPL); + IConfigStore policyStore = + mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore implStore = + policyStore.getSubStore(PROP_IMPL); implStore.removeSubStore(id); @@ -572,7 +570,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { mGlobalStore.commit(true); } catch (Exception ex) { Debug.printStackTrace(ex); - String[] params = {"implementation", id}; + String[] params = { "implementation", id }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params)); 
@@ -580,49 +578,49 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } public void addPolicyImpl(String id, String classPath) - throws EBaseException { + throws EBaseException { // See if the id is unique if (mImplTable.containsKey(id)) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_DUPLICATE_IMPL_ID", id)); - // See if the classPath is ok + // See if the classPath is ok Object impl = null; try { impl = Class.forName(classPath).newInstance(); - }catch (Exception e) { + } catch (Exception e) { throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", id)); } // Does the class implement one of the four interfaces? if (!(impl instanceof IEnrollmentPolicy) && - !(impl instanceof IRenewalPolicy) && - !(impl instanceof IRevocationPolicy) && - !(impl instanceof IKeyRecoveryPolicy) && - !(impl instanceof IKeyArchivalPolicy)) + !(impl instanceof IRenewalPolicy) && + !(impl instanceof IRevocationPolicy) && + !(impl instanceof IKeyRecoveryPolicy) && + !(impl instanceof IKeyArchivalPolicy)) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", classPath)); - // Add the implementation to the registry + // Add the implementation to the registry RegisteredPolicy regPolicy = - new RegisteredPolicy(id, classPath); + new RegisteredPolicy(id, classPath); mImplTable.put(id, regPolicy); // Store the impl in the configuration. 
- IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); - IConfigStore implStore = - policyStore.getSubStore(PROP_IMPL); + IConfigStore policyStore = + mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore implStore = + policyStore.getSubStore(PROP_IMPL); IConfigStore newStore = implStore.makeSubStore(id); newStore.put(PROP_CLASS, classPath); try { mGlobalStore.commit(true); } catch (Exception e) { - String[] params = {"implementation", id}; + String[] params = { "implementation", id }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params)); @@ -637,7 +635,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { try { while (enum1.hasMoreElements()) { PolicyInstance instance = - (PolicyInstance) mInstanceTable.get((String) enum1.nextElement()); + (PolicyInstance) mInstanceTable.get((String) enum1.nextElement()); rules.addElement(instance.getRule()); @@ -669,14 +667,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor { public IPolicyRule getPolicyInstance(String id) { PolicyInstance policyInstance = (PolicyInstance) - mInstanceTable.get(id); + mInstanceTable.get(id); return (policyInstance == null) ? null : policyInstance.getRule(); } public Vector<String> getPolicyInstanceConfig(String id) { PolicyInstance policyInstance = (PolicyInstance) - mInstanceTable.get(id); + mInstanceTable.get(id); if (policyInstance == null) return null; 
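Review bot: In `addPolicyImpl`, `Class.forName(classPath).newInstance()` runs before the `instanceof` checks, so the static initializer and no-argument constructor of whatever class `classPath` names execute even when the class is then rejected as an invalid policy. Loading without initialization and testing the type first closes that gap: `Class<?> c = Class.forName(classPath, false, getClass().getClassLoader());`, then an `isAssignableFrom` test against the policy interfaces, and only then `c.newInstance()`. The same instantiate-then-check order appears in the `@@ -1239,16 +1233,16 @@` hunk for the configured system policies. Two smaller points in this method: the comment says "one of the four interfaces" while five are tested, and `catch (Exception e)` discards the cause, which makes a rejected class path hard to diagnose from the logs.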
@@ -695,24 +693,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } public void deletePolicyInstance(String id) - throws EBaseException { + throws EBaseException { // If the rule is a persistent rule, we can't delete it. if (mUndeletablePolicies.containsKey(id)) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_CANT_DELETE_PERSISTENT_POLICY", id)); - // First check if the instance is present. + // First check if the instance is present. PolicyInstance instance = - (PolicyInstance) mInstanceTable.get(id); + (PolicyInstance) mInstanceTable.get(id); if (instance == null) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_INSTANCE", id)); IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); - IConfigStore instanceStore = - policyStore.getSubStore(PROP_RULE); + mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore instanceStore = + policyStore.getSubStore(PROP_RULE); instanceStore.removeSubStore(id); @@ -732,7 +730,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { mPolicyOrder.insertElementAt(id, index); Debug.printStackTrace(e); - String[] params = {"instance", id}; + String[] params = { "instance", id }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params)); 
@@ -751,17 +749,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (rule instanceof IKeyArchivalPolicy) mKeyArchivalRules.removeRule(id); - // Delete the instance + // Delete the instance mInstanceTable.remove(id); } public void addPolicyInstance(String id, Hashtable<String, String> ht) - throws EBaseException { + throws EBaseException { // The instance id should be unique if (getPolicyInstance(id) != null) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_DUPLICATE_INST_ID", id)); - // There should be an implmentation for this rule. + // There should be an implmentation for this rule. String implName = (String) ht.get(IPolicyRule.PROP_IMPLNAME); // See if there is an implementation with this name. @@ -771,23 +769,23 @@ public class GenericPolicyProcessor implements IPolicyProcessor { throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", implName)); - // Prepare config file entries. - IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); - IConfigStore instanceStore = - policyStore.getSubStore(PROP_RULE); + // Prepare config file entries. + IConfigStore policyStore = + mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore instanceStore = + policyStore.getSubStore(PROP_RULE); IConfigStore newStore = instanceStore.makeSubStore(id); for (Enumeration<String> keys = ht.keys(); keys.hasMoreElements();) { String key = keys.nextElement(); - String val = ht.get(key); + String val = ht.get(key); newStore.put(key, val); } // Set the order string. policyStore.put(PROP_ORDER, - getRuleOrderString(mPolicyOrder, id)); + getRuleOrderString(mPolicyOrder, id)); // Try to initialize this rule. rule.init(this, newStore); 
@@ -797,10 +795,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor { boolean active = false; if (enabledStr == null || enabledStr.trim().length() == 0 || - enabledStr.equalsIgnoreCase("true")) + enabledStr.equalsIgnoreCase("true")) active = true; - // Set the predicate if any present on the rule. + // Set the predicate if any present on the rule. String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim(); IExpression exp = null; @@ -812,7 +810,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { try { mGlobalStore.commit(true); } catch (Exception e) { - String[] params = {"instance", id}; + String[] params = { "instance", id }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params)); @@ -835,10 +833,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } public void modifyPolicyInstance(String id, Hashtable<String, String> ht) - throws EBaseException { + throws EBaseException { // The instance id should be there already PolicyInstance policyInstance = (PolicyInstance) - mInstanceTable.get(id); + mInstanceTable.get(id); if (policyInstance == null) throw new EPolicyException( 
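Review bot: `((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim()` throws a NullPointerException when the table carries no predicate entry, although the lines just above it treat a missing `PROP_ENABLE` value as valid. A guarded read keeps the two optional parameters consistent: `String predicate = ht.get(IPolicyRule.PROP_PREDICATE);` followed by `predicate = (predicate == null) ? "" : predicate.trim();`. The `@@ -851,38 +849,38 @@` hunk has the identical line in what appears to be `modifyPolicyInstance`. Both method bodies continue outside their hunks, so a caller may already guarantee the key; if it does, a one-line comment saying so would be enough.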
@@ -851,38 +849,38 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (!implId.equals(policyInstance.getImplId())) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_IMPLCHANGE_ERROR", id)); - - // Make a new rule instance + + // Make a new rule instance IPolicyRule newRule = getPolicyImpl(implId); if (newRule == null) // Can't happen, but just in case.. throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", implId)); - - // Try to init this rule. - IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); - IConfigStore instanceStore = - policyStore.getSubStore(PROP_RULE); + + // Try to init this rule. + IConfigStore policyStore = + mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore instanceStore = + policyStore.getSubStore(PROP_RULE); IConfigStore oldStore = instanceStore.getSubStore(id); IConfigStore newStore = new PropConfigStore(id); - + // See if the rule is disabled. String enabledStr = (String) ht.get(IPolicyRule.PROP_ENABLE); boolean active = false; if (enabledStr == null || enabledStr.trim().length() == 0 || - enabledStr.equalsIgnoreCase("true")) + enabledStr.equalsIgnoreCase("true")) active = true; - // Set the predicate expression. + // Set the predicate expression. String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim(); IExpression exp = null; if (predicate.trim().length() > 0) exp = PolicyPredicateParser.parse(predicate.trim()); - // See if this a persistent rule. + // See if this a persistent rule. if (mUndeletablePolicies.containsKey(id)) { // A persistent rule can't be disabled. if (!active) { 
@@ -891,24 +889,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } IExpression defPred = (IExpression) - mUndeletablePolicies.get(id); + mUndeletablePolicies.get(id); if (defPred == SimpleExpression.NULL_EXPRESSION) defPred = null; if (exp == null && defPred != null) { - String[] params = {id, defPred.toString(), + String[] params = { id, defPred.toString(), "null" }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params)); } else if (exp != null && defPred == null) { - String[] params = {id, "null", exp.toString()}; + String[] params = { id, "null", exp.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params)); } else if (exp != null && defPred != null) { if (!defPred.toString().equals(exp.toString())) { - String[] params = {id, defPred.toString(), + String[] params = { id, defPred.toString(), exp.toString() }; throw new EPolicyException( @@ -921,8 +919,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { ht.put(IPolicyRule.PROP_ENABLE, String.valueOf(active)); // put old config store parameters first. - for (Enumeration<String> oldkeys = oldStore.keys(); - oldkeys.hasMoreElements();) { + for (Enumeration<String> oldkeys = oldStore.keys(); oldkeys.hasMoreElements();) { String k = (String) oldkeys.nextElement(); String v = (String) oldStore.getString(k); 
@@ -930,15 +927,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } // put modified params. - for (Enumeration<String> newkeys = ht.keys(); - newkeys.hasMoreElements();) { + for (Enumeration<String> newkeys = ht.keys(); newkeys.hasMoreElements();) { String k = (String) newkeys.nextElement(); String v = (String) ht.get(k); Debug.trace("newstore key " + k + "=" + v); if (v != null) { if (!k.equals(Constants.OP_TYPE) && !k.equals(Constants.OP_SCOPE) && - !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) { + !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) { Debug.trace("newstore.put(" + k + "=" + v + ")"); newStore.put(k, v); } @@ -956,10 +952,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } */ - // Try to initialize this rule. newRule.init(this, newStore); - + // If we are successfully initialized, replace the rule // instance policyInstance.setRule(newRule); @@ -969,21 +964,21 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (exp != null) newRule.setPredicate(exp); - // Store the changes in the file. + // Store the changes in the file. try { for (Enumeration<String> e = newStore.keys(); e.hasMoreElements();) { String key = (String) e.nextElement(); if (key != null) { Debug.trace( - "oldstore.put(" + key + "," + - (String) newStore.getString(key) + ")"); + "oldstore.put(" + key + "," + + (String) newStore.getString(key) + ")"); oldStore.put(key, (String) newStore.getString(key)); } } mGlobalStore.commit(true); } catch (Exception e) { - String[] params = {"instance", id}; + String[] params = { "instance", id }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params)); 
@@ -1018,8 +1013,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } public synchronized void changePolicyInstanceOrdering( - String policyOrderStr) - throws EBaseException { + String policyOrderStr) + throws EBaseException { Vector<String> policyOrder = new Vector<String>(); StringTokenizer tokens = new StringTokenizer(policyOrderStr, ","); @@ -1053,9 +1048,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor { String defRuleName = mSystemDefaults[i].substring( mSystemDefaults[i].lastIndexOf('.') + 1); IPolicyRule defRule = (IPolicyRule) - Class.forName(mSystemDefaults[i]).newInstance(); - IConfigStore ruleConfig = - mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName); + Class.forName(mSystemDefaults[i]).newInstance(); + IConfigStore ruleConfig = + mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName); defRule.init(this, ruleConfig); if (defRule instanceof IEnrollmentPolicy) @@ -1072,7 +1067,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } } catch (Throwable e) { Debug.printStackTrace(e); - EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot create default policy rule. Error: " + e.getMessage())); mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_POLICY_DEF_CREATE", e.toString())); 
@@ -1080,17 +1075,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } // add rules specified in the new order. - for (Enumeration<String> enum1 = policyOrder.elements(); - enum1.hasMoreElements();) { + for (Enumeration<String> enum1 = policyOrder.elements(); enum1.hasMoreElements();) { String instanceName = (String) enum1.nextElement(); PolicyInstance pInstance = (PolicyInstance) - mInstanceTable.get(instanceName); - + mInstanceTable.get(instanceName); + if (!pInstance.isActive()) continue; - // Add the rule to the policy set according to category if a - // rule is enabled. + // Add the rule to the policy set according to category if a + // rule is enabled. IPolicyRule rule = pInstance.getRule(); if (rule instanceof IEnrollmentPolicy) @@ -1114,8 +1108,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor { mPolicyOrder = policyOrder; // Now change the ordering in the config file. - IConfigStore policyStore = - mGlobalStore.getSubStore(getPolicySubstoreId()); + IConfigStore policyStore = + mGlobalStore.getSubStore(getPolicySubstoreId()); policyStore.put(PROP_ORDER, policyOrderStr); 
@@ -1165,24 +1159,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor { /** * Initializes the default system policies. Currently there is only * one policy - ManualAuthentication. More may be added later on. - * + * * The default policies may be disabled - for example to over-ride * agent approval for testing the system by setting the following * property in the config file: * - * <subsystemId>.Policy.systemPolicies.enable=false + * <subsystemId>.Policy.systemPolicies.enable=false + * + * By default the value for this property is true. * - * By default the value for this property is true. - * - * Users can over-ride the default system policies by listing their + * Users can over-ride the default system policies by listing their * 'custom' system policies under the following property: * - * <subsystemId>.Policy.systemPolicies=<system policy1 class path>, - * <system policy2 class path> - * + * <subsystemId>.Policy.systemPolicies=<system policy1 class path>, + * <system policy2 class path> + * * There can only be one instance of the system policy in the system - * and will apply to all requests, and hence predicates are not used - * for a system policy. Due to the same reason, these properties are + * and will apply to all requests, and hence predicates are not used + * for a system policy. Due to the same reason, these properties are * not configurable using the Console. * * A System policy may read config properties from a subtree under 
@@ -1190,10 +1184,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor { * ra.Policy.systemPolicies.ManualAuthentication.param1=value */ private void initSystemPolicies(IConfigStore mConfig) - throws EBaseException { + throws EBaseException { // If system policies are disabled, return. No Deferral of // requests may be done. - String enable = mConfig.getString(PROP_DEF_POLICIES + "." + + String enable = mConfig.getString(PROP_DEF_POLICIES + "." + PROP_ENABLE, "true").trim(); if (enable.equalsIgnoreCase("false")) { @@ -1202,17 +1196,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } // Load default policies that are always present. - String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES, + String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES, null); - if (configuredDefaults == null || - configuredDefaults.trim().length() == 0) + if (configuredDefaults == null || + configuredDefaults.trim().length() == 0) mSystemDefaults = DEF_POLICIES; else { Vector<String> rules = new Vector<String>(); - StringTokenizer tokenizer = new - StringTokenizer(configuredDefaults.trim(), ","); - + StringTokenizer tokenizer = new + StringTokenizer(configuredDefaults.trim(), ","); + while (tokenizer.hasMoreTokens()) { String rule = tokenizer.nextToken().trim(); @@ -1221,10 +1215,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor { if (rules.size() > 0) { mSystemDefaults = new String[rules.size()]; rules.copyInto(mSystemDefaults); - } else + } else mSystemDefaults = DEF_POLICIES; } - + // Now Initialize the rules. These defaults have only one // instance and the rule name is the name of the class itself. // Any configuration parameters required could be read from 
@@ -1239,16 +1233,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor { Object o = Class.forName(mSystemDefaults[i]).newInstance(); if (!(o instanceof IEnrollmentPolicy) && - !(o instanceof IRenewalPolicy) && - !(o instanceof IRevocationPolicy) && - !(o instanceof IKeyRecoveryPolicy) && - !(o instanceof IKeyArchivalPolicy)) + !(o instanceof IRenewalPolicy) && + !(o instanceof IRevocationPolicy) && + !(o instanceof IKeyRecoveryPolicy) && + !(o instanceof IKeyArchivalPolicy)) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", - mSystemDefaults[i])); - + mSystemDefaults[i])); + IPolicyRule rule = (IPolicyRule) o; - + // Initialize the rule. ruleName = mSystemDefaults[i].substring( mSystemDefaults[i].lastIndexOf('.') + 1); @@ -1256,14 +1250,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor { PROP_DEF_POLICIES + "." + ruleName); rule.init(this, ruleConfig); - + // Add the rule to the appropriate PolicySet. addRule(ruleName, rule); } catch (EBaseException e) { throw e; } catch (Exception e) { Debug.printStackTrace(e); - throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", + throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", ruleName)); } } 
@@ -1271,101 +1265,101 @@ public class GenericPolicyProcessor implements IPolicyProcessor { /** * Read list of undeletable policies if any configured in the - * system. - * + * system. + * * These are required to protect the system from being misconfigured * to the point that the requests wouldn't serialize or certain - * fields in the certificate(s) being checked will go unchecked + * fields in the certificate(s) being checked will go unchecked * ..etc. - * - * For now the following policies are undeletable: - * - * DirAuthRule: This is a default DirectoryAuthentication policy - * for user certificates that interprets directory - * credentials. The presence of this policy is needed - * if the OOTB DirectoryAuthentication-based automatic - * certificate issuance is supported. - * - * DefaultUserNameRule: This policy verifies/sets subjectDn for user - * certificates. - * - * DefaultServerNameRule: This policy verifies/sets subjectDn for - * server certificates. - * - * DefaultValidityRule: Verifies/sets validty for all certificates. - * - * DefaultRenewalValidityRule: Verifies/sets validity for certs being - * renewed. - * - * The 'undeletables' cannot be deleted from the config file, nor - * can the be disabled. If any predicates are associated with them - * the predicates can't be changed either. But, other config parameters - * such as maxValidity, renewalInterval ..etc can be changed to suit - * local policy requirements. - * - * During start up the policy processor will verify if the undeletables - * are present, and that they are enabled and that their predicates are - * not changed. - * - * The rules mentioned above are currently hard coded. 
If these need to - * read from the config file, the 'undeletables' can be configured as - * as follows: - * - * <subsystemId>.Policy.undeletablePolicies=<comma separated rule names> - * Example: - * ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule - * - * The predicates if any associated with them may be configured as - * follows: - * <subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client. - * - * where subsystemId is ra or ca. - * + * + * For now the following policies are undeletable: + * + * DirAuthRule: This is a default DirectoryAuthentication policy + * for user certificates that interprets directory + * credentials. The presence of this policy is needed + * if the OOTB DirectoryAuthentication-based automatic + * certificate issuance is supported. + * + * DefaultUserNameRule: This policy verifies/sets subjectDn for user + * certificates. + * + * DefaultServerNameRule: This policy verifies/sets subjectDn for + * server certificates. + * + * DefaultValidityRule: Verifies/sets validty for all certificates. + * + * DefaultRenewalValidityRule: Verifies/sets validity for certs being + * renewed. + * + * The 'undeletables' cannot be deleted from the config file, nor + * can the be disabled. If any predicates are associated with them + * the predicates can't be changed either. But, other config parameters + * such as maxValidity, renewalInterval ..etc can be changed to suit + * local policy requirements. + * + * During start up the policy processor will verify if the undeletables + * are present, and that they are enabled and that their predicates are + * not changed. + * + * The rules mentioned above are currently hard coded. 
If these need to + * read from the config file, the 'undeletables' can be configured as + * as follows: + * + * <subsystemId>.Policy.undeletablePolicies=<comma separated rule names> + * Example: + * ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule + * + * The predicates if any associated with them may be configured as + * follows: + * <subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client. + * + * where subsystemId is ra or ca. + * * If the undeletables are configured in the file,the configured entries - * take precedence over the hardcoded ones in this file. If you are - * configuring them in the file, please remember to configure the + * take precedence over the hardcoded ones in this file. If you are + * configuring them in the file, please remember to configure the * predicates if applicable. - * + * * During policy configuration from MCC, the policy processor will not - * let you delete an 'undeletable', nor will it let you disable it. + * let you delete an 'undeletable', nor will it let you disable it. * You will not be able to change the predicate either. Other parameters * can be configured as needed. - * - * If a particular rule needs to be removed from the 'undeletables', + * + * If a particular rule needs to be removed from the 'undeletables', * either remove it from the hard coded list above, or configure the - * rules required rules only via the config file. The former needs + * rules required rules only via the config file. The former needs * recompilation of the source. The later is flexible to be able to * make any rule an 'undeletable' or nor an 'undeletable'. - * - * Example: We want to use only manual forms for enrollment. + * + * Example: We want to use only manual forms for enrollment. * We do n't need to burn in DirAuthRule. 
We need to configure all * other rules except the DirAuthRule as follows: - * - * ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule - * + * + * ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule + * * The following predicates are necessary: - * - * ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client - * ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server - * - * The other two rules do not have any predicates. + * + * ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client + * ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server + * + * The other two rules do not have any predicates. */ private void initUndeletablePolicies(IConfigStore mConfig) - throws EBaseException { + throws EBaseException { // Read undeletable policies if any configured. - String configuredUndeletables = - mConfig.getString(PROP_UNDELETABLE_POLICIES, null); + String configuredUndeletables = + mConfig.getString(PROP_UNDELETABLE_POLICIES, null); - if (configuredUndeletables == null || - configuredUndeletables.trim().length() == 0) { + if (configuredUndeletables == null || + configuredUndeletables.trim().length() == 0) { mUndeletablePolicies = DEF_UNDELETABLE_POLICIES; return; } Vector<String> rules = new Vector<String>(); - StringTokenizer tokenizer = new - StringTokenizer(configuredUndeletables.trim(), ","); - + StringTokenizer tokenizer = new + StringTokenizer(configuredUndeletables.trim(), ","); + while (tokenizer.hasMoreTokens()) { String rule = tokenizer.nextToken().trim(); 
@@ -1382,13 +1376,13 @@ public class GenericPolicyProcessor implements IPolicyProcessor { mUndeletablePolicies = new Hashtable<String, IExpression>(); for (Enumeration<String> e = rules.elements(); e.hasMoreElements();) { String urn = (String) e.nextElement(); - + // See if there is predicate in the file String pred = mConfig.getString(PROP_UNDELETABLE_POLICIES + "." + urn + "." + PROP_PREDICATE, null); - + IExpression exp = SimpleExpression.NULL_EXPRESSION; - + if (pred != null) exp = PolicyPredicateParser.parse(pred); mUndeletablePolicies.put(urn, exp); @@ -1423,12 +1417,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } private void verifyDefaultPolicyConfig() - throws EPolicyException { + throws EPolicyException { // For each policy in undeletable list make sure that // the policy is present, is not disabled and its predicate // is not tampered with. - for (Enumeration<String> e = mUndeletablePolicies.keys(); - e.hasMoreElements();) { + for (Enumeration<String> e = mUndeletablePolicies.keys(); e.hasMoreElements();) { String urn = (String) e.nextElement(); // See if the rule is in the instance table. @@ -1438,14 +1431,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor { throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_MISSING_PERSISTENT_RULE", urn)); - // See if the instance is disabled. + // See if the instance is disabled. if (!inst.isActive()) throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_INACTIVE", urn)); - // See if the predicated is misconfigured. + // See if the predicated is misconfigured. IExpression defPred = (IExpression) - mUndeletablePolicies.get(urn); + mUndeletablePolicies.get(urn); // We used SimpleExpression.NULL_EXPRESSION to indicate a null. if (defPred == SimpleExpression.NULL_EXPRESSION) 
@@ -1453,19 +1446,19 @@ public class GenericPolicyProcessor implements IPolicyProcessor { IExpression confPred = inst.getRule().getPredicate(); if (defPred == null && confPred != null) { - String[] params = {urn, "null", confPred.toString()}; + String[] params = { urn, "null", confPred.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params)); } else if (defPred != null && confPred == null) { - String[] params = {urn, defPred.toString(), "null"}; + String[] params = { urn, defPred.toString(), "null" }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params)); } else if (defPred != null && confPred != null) { if (!defPred.toString().equals(confPred.toString())) { - String[] params = {urn, defPred.toString(), - confPred.toString()}; + String[] params = { urn, defPred.toString(), + confPred.toString() }; throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params)); @@ -1475,31 +1468,29 @@ public class GenericPolicyProcessor implements IPolicyProcessor { } } - /** * Class to keep track of various configurable implementations. */ class RegisteredPolicy { String mId; String mClPath; - public RegisteredPolicy (String id, String clPath) { + + public RegisteredPolicy(String id, String clPath) { if (id == null || clPath == null) - throw new - AssertionException("Policy id or classpath can't be null"); + throw new AssertionException("Policy id or classpath can't be null"); mId = id; mClPath = clPath; } - + public String getClassPath() { return mClPath; } - + public String getId() { return mId; } } - class PolicyInstance { String mInstanceId; String mImplId; @@ -1507,7 +1498,7 @@ class PolicyInstance { boolean mIsEnabled; public PolicyInstance(String instanceId, String implId, - IPolicyRule rule, boolean isEnabled) { + IPolicyRule rule, boolean isEnabled) { mInstanceId = instanceId; mImplId = implId; mRule = rule; 
@@ -1543,9 +1534,8 @@ class PolicyInstance { public void setActive(boolean stat) { mIsEnabled = stat; } - + public void setRule(IPolicyRule newRule) { mRule = newRule; } -} - +} diff --git a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java index fde12d04f..e9a7371d9 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java @@ -17,14 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import com.netscape.certsrv.policy.IPolicyRule; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; - public class JavaScriptRequestProxy { IRequest req; + public JavaScriptRequestProxy(IRequest r) { req = r; } @@ -42,4 +41,3 @@ public class JavaScriptRequestProxy { } } - diff --git a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java index f1bb6457a..ec461fb9a 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java 
@@ -17,38 +17,38 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import com.netscape.certsrv.policy.EPolicyException; import com.netscape.certsrv.policy.IExpression; import com.netscape.certsrv.request.IRequest; - /** * This class represents an Or expression of the form * (var1 op val1 OR var2 op val2). - * + * * Expressions are used as predicates for policy selection. - * + * * @author kanda * @version $Revision$, $Date$ */ public class OrExpression implements IExpression { private IExpression mExp1; private IExpression mExp2; + public OrExpression(IExpression exp1, IExpression exp2) { mExp1 = exp1; mExp2 = exp2; } public boolean evaluate(IRequest req) - throws EPolicyException { + throws EPolicyException { if (mExp1 == null && mExp2 == null) return true; else if (mExp1 != null && mExp2 != null) return mExp1.evaluate(req) || mExp2.evaluate(req); else if (mExp1 != null && mExp2 == null) return mExp1.evaluate(req); - else // (mExp1 == null && mExp2 != null) + else + // (mExp1 == null && mExp2 != null) return mExp2.evaluate(req); } @@ -59,7 +59,8 @@ public class OrExpression implements IExpression { return mExp1.toString() + " OR " + mExp2.toString(); else if (mExp1 != null && mExp2 == null) return mExp1.toString(); - else // (mExp1 == null && mExp2 != null) + else + // (mExp1 == null && mExp2 != null) return mExp2.toString(); } } diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java index 0f00e8151..af69e6a89 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; 
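Review bot: The formatter moved the trailing comment of the last `else` in `evaluate` onto its own line, so a comment now sits between a braceless `else` and the `return` it governs; the `@@ -59,7 +59,8 @@` hunk does the same in what looks like `toString`. Bracing the if/else chain keeps the comment attached and the body unambiguous, ending in `} else { // mExp1 == null && mExp2 != null` with `return mExp2.evaluate(req);` inside. It is also worth a line of Javadoc on `evaluate` saying that two null operands yield `true`, since these expressions are the predicates that decide whether a policy applies to a request.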
@@ -29,19 +28,18 @@ import com.netscape.certsrv.policy.EPolicyException; import com.netscape.certsrv.policy.IExpression; import com.netscape.cmscore.util.Debug; - /** * Default implementation of predicate parser. - * + * * Limitations: - * - * 1. Currently parentheses are not suported. - * 2. Only ==, != <, >, <= and >= operators are supported. - * 3. The only boolean operators supported are AND and OR. AND takes precedence - * over OR. Example: a AND b OR e OR c AND d - * is treated as (a AND b) OR e OR (c AND d) - * 4. If this is n't adequate, roll your own. - * + * + * 1. Currently parentheses are not suported. + * 2. Only ==, != <, >, <= and >= operators are supported. + * 3. The only boolean operators supported are AND and OR. AND takes precedence + * over OR. Example: a AND b OR e OR c AND d + * is treated as (a AND b) OR e OR (c AND d) + * 4. If this is n't adequate, roll your own. + * * @author kanda * @version $Revision$, $Date$ */ 
@@ -57,22 +55,22 @@ public class PolicyPredicateParser { /** * Parse the predicate expression and return a vector of expressions. - * - * @param predicateExp The predicate expression as read from the config file. - * @return expVector The vector of expressions. + * + * @param predicateExp The predicate expression as read from the config file. + * @return expVector The vector of expressions. */ public static IExpression parse(String predicateExpression) - throws EPolicyException { - if (predicateExpression == null || - predicateExpression.length() == 0) + throws EPolicyException { + if (predicateExpression == null || + predicateExpression.length() == 0) return null; PredicateTokenizer pt = new PredicateTokenizer(predicateExpression); if (pt == null || !pt.hasMoreTokens()) return null; - // The first token cannot be an operator. We are not dealing with - // reverse-polish notation. + // The first token cannot be an operator. We are not dealing with + // reverse-polish notation. String token = pt.nextToken(); boolean opANDSeen; boolean opORSeen; @@ -92,7 +90,7 @@ public class PolicyPredicateParser { int curType = getOP(token); if ((prevType != EXPRESSION && curType != EXPRESSION) || - (prevType == EXPRESSION && curType == EXPRESSION)) { + (prevType == EXPRESSION && curType == EXPRESSION)) { malformed = true; break; } @@ -123,7 +121,7 @@ public class PolicyPredicateParser { Debug.trace("Malformed expression: " + predicateExpression); throw new EPolicyException( CMS.getUserMessage("CMS_POLICY_BAD_POLICY_EXPRESSION", - predicateExpression)); + predicateExpression)); } // Form an ORExpression @@ -135,7 +133,7 @@ public class PolicyPredicateParser { if (size == 0) return null; OrExpression orExp = new - OrExpression((IExpression) expSet.elementAt(0), null); + OrExpression((IExpression) expSet.elementAt(0), null); for (int i = 1; i < size; i++) orExp = new OrExpression(orExp, 
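Review bot: The Javadoc on `parse` does not match the method. It names `@param predicateExp` while the parameter is `predicateExpression`, and it promises `@return expVector The vector of expressions` while the method returns a single `IExpression`, or `null` for a null or empty predicate and when `size == 0`. I would write `@param predicateExpression the predicate as read from the config file` and `@return the parsed expression, or null when there is nothing to parse`. The null result deserves the explicit mention because `AndExpression` and `OrExpression` treat a missing operand as "applies"; how callers of `parse` handle it is not visible in this diff. The `pt == null` test directly after `new PredicateTokenizer(...)` can never be true and could be dropped.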
@@ -153,7 +151,7 @@ public class PolicyPredicateParser { } private static IExpression parseExpression(String input) - throws EPolicyException { + throws EPolicyException { // If the expression has multiple parts separated by commas // we need to construct an AND expression. Else we will return a // simple expression. @@ -166,8 +164,8 @@ public class PolicyPredicateParser { while (commaIndex > 0) { SimpleExpression exp = (SimpleExpression) - SimpleExpression.parse(input.substring(currentIndex, - commaIndex)); + SimpleExpression.parse(input.substring(currentIndex, + commaIndex)); expVector.addElement(exp); currentIndex = commaIndex + 1; @@ -175,7 +173,7 @@ public class PolicyPredicateParser { } if (currentIndex < (input.length() - 1)) { SimpleExpression exp = (SimpleExpression) - SimpleExpression.parse(input.substring(currentIndex)); + SimpleExpression.parse(input.substring(currentIndex)); expVector.addElement(exp); } 
@@ -194,79 +192,77 @@ public class PolicyPredicateParser { public static void main(String[] args) { /********* - IRequest req = new IRequest(); - try - { - req.set("ou", "people"); - req.set("cn", "John Doe"); - req.set("uid", "jdoes"); - req.set("o", "airius.com"); - req.set("certtype", "client"); - req.set("request", "issuance"); - req.set("id", new Integer(10)); - req.set("dualcerts", new Boolean(true)); - - Vector v = new Vector(); - v.addElement("one"); - v.addElement("two"); - v.addElement("three"); - req.set("count", v); - } - catch (Exception e){e.printStackTrace();} - String[] array = { "ou == people AND certtype == client", - "ou == servergroup AND certtype == server", - "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com", - }; - for (int i = 0; i < array.length; i++) - { - System.out.println(); - System.out.println("String: " + array[i]); - IExpression exp = null; - try - { - exp = parse(array[i]); - if (exp != null) - { - System.out.println("Parsed Expression: " + exp); - boolean result = exp.evaluate(req); - System.out.println("Result: " + result); - } - } - catch (Exception e) {e.printStackTrace(); } - } - - - try - { - BufferedReader rdr = new BufferedReader( - new FileReader(args[0])); - String line; - while((line=rdr.readLine()) != null) - { - System.out.println(); - System.out.println("Line Read: " + line); - IExpression exp = null; - try - { - exp = parse(line); - if (exp != null) - { - System.out.println(exp); - boolean result = exp.evaluate(req); - System.out.println("Result: " + result); - } - - }catch (Exception e){e.printStackTrace();} - } - } - catch (Exception e){e.printStackTrace(); } - + * IRequest req = new IRequest(); + * try + * { + * req.set("ou", "people"); + * req.set("cn", "John Doe"); + * req.set("uid", "jdoes"); + * req.set("o", "airius.com"); + * req.set("certtype", "client"); + * req.set("request", "issuance"); + * req.set("id", new Integer(10)); + * 
req.set("dualcerts", new Boolean(true)); + * + * Vector v = new Vector(); + * v.addElement("one"); + * v.addElement("two"); + * v.addElement("three"); + * req.set("count", v); + * } + * catch (Exception e){e.printStackTrace();} + * String[] array = { "ou == people AND certtype == client", + * "ou == servergroup AND certtype == server", + * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com", + * }; + * for (int i = 0; i < array.length; i++) + * { + * System.out.println(); + * System.out.println("String: " + array[i]); + * IExpression exp = null; + * try + * { + * exp = parse(array[i]); + * if (exp != null) + * { + * System.out.println("Parsed Expression: " + exp); + * boolean result = exp.evaluate(req); + * System.out.println("Result: " + result); + * } + * } + * catch (Exception e) {e.printStackTrace(); } + * } + * + * + * try + * { + * BufferedReader rdr = new BufferedReader( + * new FileReader(args[0])); + * String line; + * while((line=rdr.readLine()) != null) + * { + * System.out.println(); + * System.out.println("Line Read: " + line); + * IExpression exp = null; + * try + * { + * exp = parse(line); + * if (exp != null) + * { + * System.out.println(exp); + * boolean result = exp.evaluate(req); + * System.out.println("Result: " + result); + * } + * + * }catch (Exception e){e.printStackTrace();} + * } + * } + * catch (Exception e){e.printStackTrace(); } *******/ } } - class PredicateTokenizer { String input; int currentIndex; 
@@ -348,30 +344,30 @@ class PredicateTokenizer { } } - class AttributeSet implements IAttrSet { /** * */ private static final long serialVersionUID = -3985810281989018413L; Hashtable ht = new Hashtable(); + public AttributeSet() { } public void delete(String name) - throws EBaseException { + throws EBaseException { Object ob = ht.get(name); ht.remove(ob); } public Object get(String name) - throws EBaseException { + throws EBaseException { return ht.get(name); } public void set(String name, Object ob) - throws EBaseException { + throws EBaseException { ht.put(name, ob); } diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java index 24918a336..ca629b4be 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import java.util.Enumeration; import java.util.Vector; @@ -30,11 +29,10 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cmscore.util.Debug; - /** * Implements a policy set per IPolicySet interface. This class * uses a vector of ordered policies to enforce priority. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -51,7 +49,7 @@ public class PolicySet implements IPolicySet { /** * Returns the name of the rule set. * <P> - * + * * @return The name of the rule set. */ public String getName() { @@ -61,6 +59,7 @@ public class PolicySet implements IPolicySet { /** * Returns the no of rules in a set. * <P> + * * @return the no of rules. */ public int count() { 
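Review bot: `AttributeSet.delete` passes the looked-up value, not the key, to `Hashtable.remove`: `Object ob = ht.get(name); ht.remove(ob);`. The entry stored under `name` is therefore left in place, and when `name` is not present `ob` is null and `Hashtable.remove(null)` throws a `NullPointerException`. The commit only re-indents the `throws` clause here, so the behaviour carries over unchanged; the body should be `ht.remove(name);`. Any caller that relies on `delete` to drop an attribute before predicates are evaluated would still see the stale value, which is worth checking against the call sites.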
@@ -70,9 +69,9 @@ public class PolicySet implements IPolicySet { /** * Add a policy rule. * <P> - * - * @param ruleName The name of the rule to be added. - * @param rule The rule to be added. + * + * @param ruleName The name of the rule to be added. + * @param rule The rule to be added. */ public void addRule(String ruleName, IPolicyRule rule) { if (mRuleNames.indexOf(ruleName) >= 0) @@ -88,9 +87,9 @@ public class PolicySet implements IPolicySet { /** * Remplaces a policy rule identified by the given name. - * - * @param name The name of the rule to be replaced. - * @param rule The rule to be replaced. + * + * @param name The name of the rule to be replaced. + * @param rule The rule to be replaced. */ public void replaceRule(String ruleName, IPolicyRule rule) { int index = mRuleNames.indexOf(ruleName); @@ -99,22 +98,22 @@ public class PolicySet implements IPolicySet { addRule(ruleName, rule); return; } - + mRuleNames.setElementAt(ruleName, index); mRules.setElementAt(rule, index); } /** * Removes a policy rule identified by the given name. - * - * @param name The name of the rule to be removed. + * + * @param name The name of the rule to be removed. */ public void removeRule(String ruleName) { int index = mRuleNames.indexOf(ruleName); if (index < 0) return; // XXX - throw an exception. - + mRuleNames.removeElementAt(index); mRules.removeElementAt(index); } @@ -122,8 +121,8 @@ public class PolicySet implements IPolicySet { /** * Returns the rule identified by a given name. * <P> - * - * @param name The name of the rule to be return. + * + * @param name The name of the rule to be return. * @return The rule identified by the given name or null if none exists. */ public IPolicyRule getRule(String ruleName) { @@ -137,7 +136,7 @@ public class PolicySet implements IPolicySet { /** * Returns an enumeration of rules. * <P> - * + * * @return An enumeration of rules. */ public Enumeration<IPolicyRule> getRules() { 
@@ -147,8 +146,8 @@ public class PolicySet implements IPolicySet { /** * Apply policies on a given request from a rule set. * The rules may modify the request. - * - * @param req The request to apply policies on. + * + * @param req The request to apply policies on. * @return the PolicyResult. */ public PolicyResult apply(IRequest req) { @@ -158,11 +157,11 @@ public class PolicySet implements IPolicySet { if ((cnt = mRules.size()) == 0) return PolicyResult.ACCEPTED; - // All policies are applied before returning the result. Hence - // if atleast one of the policies returns a REJECTED, we need to - // return that status. If none of the policies REJECTED - // the request, but atleast one of them DEFERRED the request, we - // need to return DEFERRED. + // All policies are applied before returning the result. Hence + // if atleast one of the policies returns a REJECTED, we need to + // return that status. If none of the policies REJECTED + // the request, but atleast one of them DEFERRED the request, we + // need to return DEFERRED. boolean rejected = false; boolean deferred = false; int size = mRules.size(); @@ -182,7 +181,7 @@ public class PolicySet implements IPolicySet { e.printStackTrace(); } - if (!typeMatched(rule, req)) + if (!typeMatched(rule, req)) continue; try { 
@@ -200,16 +199,16 @@ public class PolicySet implements IPolicySet { // we pass that info down the chain. For now use S_OTHER // as the system id for the log entry. mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name)); + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name)); rejected = true; } else if (result == PolicyResult.DEFERRED) { // It is hard to find out the owner at the moment unless // we pass that info down the chain. For now use S_OTHER // as the system id for the log entry. mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_WARN, - CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name)); + ILogger.LL_WARN, + CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name)); deferred = true; } else if (result == PolicyResult.ACCEPTED) { // It is hard to find out the owner at the moment unless @@ -221,9 +220,9 @@ public class PolicySet implements IPolicySet { // we pass that info down the chain. For now use S_OTHER // as the system id for the log entry. mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, - "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name + - " is: " + getPolicyResult(result)); + ILogger.LL_INFO, + "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name + + " is: " + getPolicyResult(result)); } } catch (Throwable ex) { // Customer can install his own policies. 
@@ -231,14 +230,14 @@ public class PolicySet implements IPolicySet { // catch those problems and report // them to the log mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString())); // treat as rejected to prevent request from going into // a weird state. request queue doesn't handle this case. rejected = true; ((IPolicyRule) rule).setError( - req, - CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null); + req, + CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null); } } @@ -248,9 +247,9 @@ public class PolicySet implements IPolicySet { return PolicyResult.DEFERRED; } else { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, - "Request " + req.getRequestId() + - " Policy result: successful"); + ILogger.LL_INFO, + "Request " + req.getRequestId() + + " Policy result: successful"); return PolicyResult.ACCEPTED; } } @@ -267,7 +266,7 @@ public class PolicySet implements IPolicySet { System.out.println("Rule Name: " + ruleName); System.out.println("Implementation: " + - mRules.elementAt(index).getClass().getName()); + mRules.elementAt(index).getClass().getName()); } } @@ -295,4 +294,3 @@ public class PolicySet implements IPolicySet { return false; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java index 5e6458be2..acb2c0d6b 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.policy; - import java.util.Enumeration; import java.util.Vector; 
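Review bot: In the `catch (Throwable ex)` branch of `apply`, `ex.toString()` goes into the log entry and also into the text stored on the request through `setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null)`. Rejecting on an unexpected error is the right fail-closed choice. However, exception strings from customer-installed policies can carry class names, paths or directory details, and the request error text may be shown to the requester (not visible here, so treat that as an assumption). I would keep the full `ex.toString()` in the `mLogger.log` call and store only the rule name plus a generic reason on the request. `Throwable` also covers `Error` subclasses, so a comment saying that is deliberate would help; the body of `apply` starts and ends outside this hunk.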
@@ -28,13 +27,12 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cmscore.util.AssertionException; import com.netscape.cmscore.util.Debug; - /** * This class represents an expression of the form var = val, * var != val, var < val, var > val, var <= val, var >= val. - * + * * Expressions are used as predicates for policy selection. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -51,7 +49,7 @@ public class SimpleExpression implements IExpression { public static SimpleExpression NULL_EXPRESSION = new SimpleExpression("null", OP_EQUAL, "null"); public static IExpression parse(String input) - throws EPolicyException { + throws EPolicyException { // Get the index of operator // Debug.trace("SimpleExpression::input: " + input); String var = null; @@ -118,19 +116,19 @@ public class SimpleExpression implements IExpression { } public boolean evaluate(IRequest req) - throws EPolicyException { + throws EPolicyException { // mPfx and mVar are looked up case-indendently String givenVal = req.getExtDataInString(mPfx, mVar); if (Debug.ON) - Debug.trace("mPfx: " + mPfx + " mVar: " + mVar + - ",Given Value: " + givenVal + ", Value to compare with: " + mVal); + Debug.trace("mPfx: " + mPfx + " mVar: " + mVar + + ",Given Value: " + givenVal + ", Value to compare with: " + mVal); return matchValue(givenVal); } private boolean matchVector(Vector value) - throws EPolicyException { + throws EPolicyException { boolean result = false; Enumeration e = (Enumeration) value.elements(); @@ -143,7 +141,7 @@ public class SimpleExpression implements IExpression { } private boolean matchStringArray(String[] value) - throws EPolicyException { + throws EPolicyException { boolean result = false; for (int i = 0; i < value.length; i++) { 
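Review bot: `NULL_EXPRESSION` is declared `public static` without `final`, so any class can reassign the shared sentinel and change what every later reference to it evaluates against. Declare it `public static final SimpleExpression NULL_EXPRESSION = new SimpleExpression("null", OP_EQUAL, "null");`. Whether the instance itself is immutable depends on fields outside this hunk.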
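Review bot: `evaluate` reads the request value with `req.getExtDataInString(mPfx, mVar)` into a `String` before calling `matchValue(givenVal)`. Of the `instanceof` branches in the `matchValue` hunk further down, only the `String` branch or the null check can therefore be reached from here. A numeric predicate (for example `id >= 10`) would then be decided by `matchStringValue`, whose body is outside the diff. If that comparison is lexicographic, a policy meant to apply above a threshold could be selected or skipped for the wrong requests. I would add a comment on `evaluate` such as `// value is always fetched as a String; Integer/Boolean/Vector branches of matchValue are not reached from here`, and confirm the ordering operators behave as intended for numeric attributes.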
@@ -155,23 +153,23 @@ public class SimpleExpression implements IExpression { } private boolean matchValue(Object value) - throws EPolicyException { + throws EPolicyException { boolean result; // There is nothing to compare with! if (value == null) return false; - // XXX - Kanda: We need a better way of handling this!. + // XXX - Kanda: We need a better way of handling this!. if (value instanceof String) result = matchStringValue((String) value); else if (value instanceof Integer) result = matchIntegerValue((Integer) value); else if (value instanceof Boolean) result = matchBooleanValue((Boolean) value); - else if (value instanceof Vector) + else if (value instanceof Vector) result = matchVector((Vector) value); - else if (value instanceof String[]) + else if (value instanceof String[]) result = matchStringArray((String[]) value); else throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE", @@ -180,7 +178,7 @@ public class SimpleExpression implements IExpression { } private boolean matchStringValue(String givenVal) - throws EPolicyException { + throws EPolicyException { boolean result; switch (mOp) { @@ -221,7 +219,7 @@ public class SimpleExpression implements IExpression { } private boolean matchIntegerValue(Integer intVal) - throws EPolicyException { + throws EPolicyException { boolean result; int storedVal; int givenVal = intVal.intValue(); @@ -264,12 +262,11 @@ public class SimpleExpression implements IExpression { } private boolean matchBooleanValue(Boolean givenVal) - throws EPolicyException { + throws EPolicyException { boolean result; Boolean storedVal; - if (!(mVal.equalsIgnoreCase("true") || - mVal.equalsIgnoreCase("false"))) + if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false"))) throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE", mVal)); storedVal = new Boolean(mVal); 
@@ -320,9 +317,9 @@ public class SimpleExpression implements IExpression { op = IExpression.LE_STR; break; } - if (mPfx != null && mPfx.length() > 0) + if (mPfx != null && mPfx.length() > 0) return mPfx + "." + mVar + " " + op + " " + mVal; - else + else return mVar + " " + op + " " + mVal; } @@ -411,7 +408,6 @@ public class SimpleExpression implements IExpression { } } - class ExpressionComps { String attr; int op; @@ -435,4 +431,3 @@ class ExpressionComps { return val; } } - |