From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- .../cms/crl/CMSAuthInfoAccessExtension.java | 259 +++++++++++++++++++++ 1 file changed, 259 insertions(+) create mode 100644 base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java (limited to 'base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java') diff --git a/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java new file mode 100644 index 000000000..d4cef0148 --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java @@ -0,0 +1,259 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Locale; + +import netscape.security.extensions.AuthInfoAccessExtension; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a Authority Information Access CRL extension. + * + * @version $Revision$, $Date$ + */ +public class CMSAuthInfoAccessExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + public static final String PROP_NUM_ADS = "numberOfAccessDescriptions"; + public static final String PROP_ACCESS_METHOD = "accessMethod"; + public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType"; + public static final String PROP_ACCESS_LOCATION = "accessLocation"; + + private static final String PROP_ACCESS_METHOD_OCSP = "ocsp"; + private static final String PROP_ACCESS_METHOD_CAISSUERS = "caIssuers"; + private static final String PROP_DIRNAME = "DirectoryName"; + private static final String PROP_URINAME = "URI"; + + private ILogger mLogger = CMS.getLogger(); + + public CMSAuthInfoAccessExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext; + + authInfoAccessExt.setCritical(critical); + + return authInfoAccessExt; + } + + public Extension getCRLExtension(IConfigStore config, Object ip, + boolean critical) { + AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical); + + int numberOfAccessDescriptions = 0; + + try { + numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString())); + } + + if (numberOfAccessDescriptions > 0) { + + for (int i = 0; i < numberOfAccessDescriptions; i++) { + String accessMethod = null; + String accessLocationType = null; + String accessLocation = null; + ObjectIdentifier method = AuthInfoAccessExtension.METHOD_CA_ISSUERS; + + try { + accessMethod = config.getString(PROP_ACCESS_METHOD + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString())); + } + + if (accessMethod != null && accessMethod.equals(PROP_ACCESS_METHOD_OCSP)) { + method = AuthInfoAccessExtension.METHOD_OCSP; + } + + try { + accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString())); + } + + try { + accessLocation = config.getString(PROP_ACCESS_LOCATION + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (accessLocationType != null && accessLocation != null && accessLocation.length() > 0) { + if (accessLocationType.equalsIgnoreCase(PROP_DIRNAME)) { + try { + X500Name dirName = new X500Name(accessLocation); + authInfoAccessExt.addAccessDescription(method, new GeneralName(dirName)); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString())); + } + } else if (accessLocationType.equalsIgnoreCase(PROP_URINAME)) { + URIName uriName = new URIName(accessLocation); + authInfoAccessExt.addAccessDescription(method, new GeneralName(uriName)); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", accessLocation)); + } + } else { + accessLocationType = PROP_URINAME; + String hostname = CMS.getEENonSSLHost(); + String port = CMS.getEENonSSLPort(); + if (hostname != null && port != null) { + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; + } + URIName uriName = new URIName(accessLocation); + authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName( + uriName)); + } + } + } + + return authInfoAccessExt; + } + + public String getCRLExtOID() { + return AuthInfoAccessExtension.ID.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + + int numberOfAccessDescriptions = 0; + + try { + numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString())); + } + nvp.put(PROP_NUM_ADS, String.valueOf(numberOfAccessDescriptions)); + + for (int i = 0; i < numberOfAccessDescriptions; i++) { + String accessMethod = null; + String accessLocationType = null; + String accessLocation = null; + + try { + accessMethod = config.getString(PROP_ACCESS_METHOD + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString())); + } + + if (accessMethod != null && accessMethod.length() > 0) { + nvp.put(PROP_ACCESS_METHOD + i, accessMethod); + } else { + nvp.put(PROP_ACCESS_METHOD + i, PROP_ACCESS_METHOD_CAISSUERS); + } + + try { + accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString())); + } + + if (accessLocationType != null && accessLocationType.length() > 0) { + nvp.put(PROP_ACCESS_LOCATION_TYPE + i, accessLocationType); + } else { + nvp.put(PROP_ACCESS_LOCATION_TYPE + i, PROP_URINAME); + } + + try { + accessLocation = config.getString(PROP_ACCESS_LOCATION + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_INVALID", e.toString())); + } + + if (accessLocation != null && accessLocation.length() > 0) { + nvp.put(PROP_ACCESS_LOCATION + i, accessLocation); + } else { + String hostname = CMS.getEENonSSLHost(); + String port = CMS.getEENonSSLPort(); + if (hostname != null && port != null) { + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; + } + nvp.put(PROP_ACCESS_LOCATION + i, accessLocation); + } + } + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + "enable;boolean;Check to enable Authority Information Access extension.", + "critical;boolean;Set criticality for Authority Information Access extension.", + PROP_NUM_ADS + ";number;Set number of Access Descriptions.", + PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + ");Select access location type.", + PROP_ACCESS_LOCATION + "0;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + ");Select access location type.", + PROP_ACCESS_LOCATION + "1;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + ");Select access location type.", + PROP_ACCESS_LOCATION + "2;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + IExtendedPluginInfo.HELP_TEXT + + ";The Freshest CRL is a non critical CRL extension " + + "that identifies the delta CRL distribution points for a particular CRL." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSAuthInfoAccessExtension - " + msg); + } +} -- cgit