From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../def/SubjectKeyIdentifierExtDefault.java | 213 +++++++++++++++++++++
 1 file changed, 213 insertions(+)
 create mode 100644 pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
(limited to 'pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java')
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
new file mode 100644
index 000000000..27a2c496f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
@@ -0,0 +1,213 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.def;
+
+
+import java.io.*;
+import java.security.*;
+import java.util.*;
+import com.netscape.cms.profile.common.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+
+/**
+ * This class implements an enrollment default policy
+ * that populates a subject key identifier extension
+ * into the certificate template.
+ *
+ * @version $Revision$, $Date$
+ */
+public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
+
+ public static final String CONFIG_CRITICAL = "critical";
+
+ public static final String VAL_CRITICAL = "critical";
+ public static final String VAL_KEY_ID = "keyid";
+
+ public SubjectKeyIdentifierExtDefault() {
+ super();
+ addValueName(VAL_CRITICAL);
+ addValueName(VAL_KEY_ID);
+ }
+
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.STRING,
+ IDescriptor.READONLY,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ } else if (name.equals(VAL_KEY_ID)) {
+ return new Descriptor(IDescriptor.STRING,
+ IDescriptor.READONLY,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
+ } else {
+ return null;
+ }
+ }
+
+ public void setValue(String name, Locale locale,
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ if (name.equals(VAL_CRITICAL)) {
+ // read-only; do nothing
+ } else if (name.equals(VAL_KEY_ID)) {
+ // read-only; do nothing
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ }
+
+ public String getValue(String name, Locale locale,
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ SubjectKeyIdentifierExtension ext =
+ (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
+
+ if(ext == null)
+ {
+ try {
+ populate(null,info);
+
+ } catch (EProfileException e) {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+
+ }
+
+ if (name.equals(VAL_CRITICAL)) {
+ ext =
+ (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
+
+ if (ext == null) {
+ return null;
+ }
+ if (ext.isCritical()) {
+ return "true";
+ } else {
+ return "false";
+ }
+ } else if (name.equals(VAL_KEY_ID)) {
+ ext =
+ (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
+
+ if (ext == null) {
+ return null;
+ }
+ KeyIdentifier kid = null;
+
+ try {
+ kid = (KeyIdentifier)
+ ext.get(SubjectKeyIdentifierExtension.KEY_ID);
+ } catch (IOException e) {
+ CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " +
+ "kid is null!" );
+ throw new EPropertyException( CMS.getUserMessage( locale,
+ "CMS_INVALID_PROPERTY",
+ name ) );
+ }
+ return toHexString(kid.getIdentifier());
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
+ }
+
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_KEY_ID_EXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IRequest request, X509CertInfo info)
+ throws EProfileException {
+ SubjectKeyIdentifierExtension ext = createExtension(info);
+
+ addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
+ }
+
+ public SubjectKeyIdentifierExtension createExtension(X509CertInfo info) {
+ KeyIdentifier kid = getKeyIdentifier(info);
+
+ if (kid == null) {
+ CMS.debug("SubjectKeyIdentifierExtDefault: KeyIdentifier not found");
+ return null;
+ }
+ SubjectKeyIdentifierExtension ext = null;
+
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
+
+ try {
+ ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
+ } catch (IOException e) {
+ CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
+ e.toString());
+ //
+ }
+ return ext;
+ }
+
+ public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
+ try {
+ CertificateX509Key infokey = (CertificateX509Key)
+ info.get(X509CertInfo.KEY);
+ X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+
+ md.update(key.getKey());
+ byte[] hash = md.digest();
+
+ return new KeyIdentifier(hash);
+ } catch (NoSuchAlgorithmException e) {
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+ e.toString());
+ } catch (Exception e) {
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+ e.toString());
+ }
+ return null;
+ }
+}
-- cgit
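Review bot: populate() hands the result of createExtension(info) to addExtension without a null check, yet createExtension returns null both when getKeyIdentifier finds no key and when the SubjectKeyIdentifierExtension constructor throws IOException, and addExtension is inherited from EnrollExtDefault outside this hunk, so the outcome is either an NPE or a certificate silently issued without a Subject Key Identifier, which RFC 5280 §4.2.1.2 requires in every conforming CA certificate. Fail the enrollment explicitly instead, e.g. `if (ext == null) { throw new EProfileException("SubjectKeyIdentifierExtDefault: unable to compute key identifier"); }` before the addExtension call, so the CMS.debug lines in createExtension/getKeyIdentifier are not the only trace. The same RFC section says conforming CAs MUST mark this extension non-critical, so the CONFIG_CRITICAL knob read in createExtension should at least carry a comment such as `// RFC 5280 4.2.1.2: SKI MUST be non-critical; critical=true yields a non-conforming cert` or be ignored. Finally, the `catch (Exception e)` in getKeyIdentifier logs only e.toString(), which hides the stack trace of unexpected failures such as a missing CertificateX509Key; narrowing it to the exceptions info.get()/infokey.get() actually declare, or logging the throwable itself, would make diagnosis possible.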