From 1d85941aa2f80f3da619504fe4310fe47cb5b036 Mon Sep 17 00:00:00 2001 From: Andrew Wnuk Date: Thu, 2 Aug 2012 15:48:56 -0700 Subject: ECC directory enrollment profile This patch adds ECC directory enrollment profile. Bug: 748514. --- base/ca/shared/profiles/ca/caECDirUserCert.cfg | 99 ++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 base/ca/shared/profiles/ca/caECDirUserCert.cfg (limited to 'base/ca/shared/profiles/ca/caECDirUserCert.cfg') diff --git a/base/ca/shared/profiles/ca/caECDirUserCert.cfg b/base/ca/shared/profiles/ca/caECDirUserCert.cfg new file mode 100644 index 000000000..73907f547 --- /dev/null +++ b/base/ca/shared/profiles/ca/caECDirUserCert.cfg @@ -0,0 +1,99 @@ +desc=This certificate profile is for enrolling user certificates with directory-based authentication. +visible=true +enable=true +enableBy=admin +name=Directory-Authenticated User Dual-Use ECC Certificate Enrollment +auth.instance_id=UserDirEnrollment +input.list=i1 +input.i1.class_id=keyGenInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=userCertSet +policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 +policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.userCertSet.1.constraint.name=Subject Name Constraint +policyset.userCertSet.1.constraint.params.pattern=UID=.* +policyset.userCertSet.1.constraint.params.accept=true +policyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl +policyset.userCertSet.1.default.name=Subject Name Default +policyset.userCertSet.1.default.params.name= +policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl +policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint +policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 +policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 +policyset.userCertSet.10.default.class_id=noDefaultImpl +policyset.userCertSet.10.default.name=No Default +policyset.userCertSet.2.constraint.class_id=validityConstraintImpl +policyset.userCertSet.2.constraint.name=Validity Constraint +policyset.userCertSet.2.constraint.params.range=365 +policyset.userCertSet.2.constraint.params.notBeforeCheck=false +policyset.userCertSet.2.constraint.params.notAfterCheck=false +policyset.userCertSet.2.default.class_id=validityDefaultImpl +policyset.userCertSet.2.default.name=Validity Default +policyset.userCertSet.2.default.params.range=180 +policyset.userCertSet.2.default.params.startTime=0 +policyset.userCertSet.3.constraint.class_id=keyConstraintImpl +policyset.userCertSet.3.constraint.name=Key Constraint +policyset.userCertSet.3.constraint.params.keyType=EC +policyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521 +policyset.userCertSet.3.default.class_id=userKeyDefaultImpl +policyset.userCertSet.3.default.name=Key Default +policyset.userCertSet.4.constraint.class_id=noConstraintImpl +policyset.userCertSet.4.constraint.name=No Constraint +policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.userCertSet.4.default.name=Authority Key Identifier Default +policyset.userCertSet.5.constraint.class_id=noConstraintImpl +policyset.userCertSet.5.constraint.name=No Constraint +policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.userCertSet.5.default.name=AIA Extension Default +policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.userCertSet.5.default.params.authInfoAccessCritical=false +policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.userCertSet.6.constraint.params.keyUsageCritical=true +policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.userCertSet.6.default.name=Key Usage Default +policyset.userCertSet.6.default.params.keyUsageCritical=true +policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.default.params.keyUsageCrlSign=false +policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.userCertSet.7.constraint.class_id=noConstraintImpl +policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.userCertSet.7.default.name=Extended Key Usage Extension Default +policyset.userCertSet.7.default.params.exKeyUsageCritical=false +policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.userCertSet.8.constraint.class_id=noConstraintImpl +policyset.userCertSet.8.constraint.name=No Constraint +policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.userCertSet.8.default.name=Subject Alt Name Constraint +policyset.userCertSet.8.default.params.subjAltNameExtCritical=false +policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.userCertSet.9.constraint.name=No Constraint +policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC +policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.userCertSet.9.default.name=Signing Alg +policyset.userCertSet.9.default.params.signingAlg=- -- cgit